Professional Documents
Culture Documents
Manager
AUTOSAR CP Release 4.4.0
7 Functional specification
To define the functionality of the Dcm module, The Dcm SWS models the Dcm module
as consisting of the following submodules:
• Diagnostic Session Layer (DSL) submodule: The DSL submodule ensures data
flow concerning diagnostic requests and responses, supervises and guarantees
diagnostic protocol timing and manages diagnostic states (especially diagnostic
session and security).
• Diagnostic Service Dispatcher (DSD) submodule: The DSD submodule pro-
cesses a stream of diagnostic data. The submodule:
– Receives a new diagnostic request over a network and forwards it to a data
processor.
DspInternal_CancelPagedBufferProcessing()
DEM Interface DEM
Xxx_ReadData() DsdInternal_ProcessPage()
Xxx_WriteData()
Xxx_ReadDataLength() DspInternal_DcmUpdatePage()
DsdInternal_StartPagedProcessing()
Xxx_ConditionCheckRead()
Xxx_GetScalingInformation()
DSD
Service Interpreter calls
Xxx_ReturnControlToECU()
Xxx_ResetToDefault() DspInternal_DcmConfirmation()
Xxx_FreezeCurrentState() DSP
Xxx_ShortTermAdjustment() <Module>_<DiagnosticService>_<SubService>
RTE (Application)
()
Xxx_GetInfoTypeValue() <Module>_<DiagnosticService>()
Xxx_IsDidAvailable()
Xxx_WriteDidData()
Transmit functionality
Xxx_Stop()
Xxx_RequestResults()
Xxx_RequestControl()
External
Xxx_GetSeed()
Xxx_CompareKey() module
Xxx_Indication()
Xxx_Confirmation() PDU Router
Dcm_StartOfReception()
Dcm_CopyRxData()
DslInternal_SetSesCtrlType() Dcm_CopyTxData()
Dcm_TpRxIndication()
DslInternal_SetSecurityLevel()
Dcm_TpTxConfirmation()
PduR_DcmTransmit()
PduR_DcmCancelTransmit()
DSL PduR_DcmCancelReceive()
Dcm_ResetToDefaultSession()
Dcm_GetSecurityLevel( COM Manager
Dcm_GetSesCtrlTypel( *1 | see page
Dcm_GetActiveProtocol()
Xxx_StartProtocol() *2 | before
|
Xxx_StopProtocol() Dcm_Init() |
Note: The implementation of these submodules and the interfaces between them is
not mandatory. They are introduced only to improve the readability of the specification.
The standards defining the UDS Services and OBD Services define the negative re-
sponse codes (NRCs). The Dcm SWS uses these NRCs in the interfaces between the
Dcm and other BSW modules and the SW-Cs. These NRCs are defined in the data
type Dcm_NegativeResponseCodeType.
[SWS_Dcm_01075] d The order of the transmitted NRC shall be compliant with the one
described in ISO14229-1 [1]. c()
7.2.4 Types
[SWS_Dcm_00969] d The Dcm shall treat non-integer data types (e.g. uint8[n]) either
like integer data types of the matching size or leave their contents uninterpreted in case
DcmDspDataEndianness is configured to OPAQUE. c()
[SWS_Dcm_00970] d The Dcm module shall interpret opaque data as uint8[n] and
shall always map it to an n-bytes sized signal. For opaque data endianness, DcmDsp-
DataEndianness has to be configured to OPAQUE. c()
[SWS_Dcm_00971] d The Dcm shall extend the endianness conversion defined in [10],
to signed data types. c()
In [10] (Chapter 2.4) the endianness conversion is defined for unsigned data types. The
associated configurations can be found in the configuration 10.2.5.9.1 DcmDspData.
7.2.4.4 Dcm_OpStatusType
For the operation using the Dcm_OpStatusType, the Dcm shall work as follow :
[SWS_Dcm_00527] d At first call of an operation using the Dcm_OpStatusType, the
Dcm call the operation with OpStatus = DCM_INITIAL c()
[SWS_Dcm_00528] d If the value DCM_E_FORCE_RCRRP is returned from an oper-
ation using Dcm_OpStatusType, the Dcm shall invoke the transmit request for RCR-RP
(NRC 0x78 transmission) and the Dcm shall not realize further invocation of the opera-
tion till RCR-RP is transmitted. c()
[SWS_Dcm_00529] d After transmit confirmation of a RCR-RP transmitted on the con-
text of [SWS_Dcm_00528], the Dcm calls, from Dcm_MainFunction (due to call con-
text), the operation again with OpStatus = DCM_FORCE_RCRRP_OK. c()
[SWS_Dcm_00530] d If a DCM_E_PENDING value is returned from an operation us-
ing the Dcm_OpStatusType, the Dcm call the operation on each Dcm_MainFunction
call with OpStatus = DCM_PENDING as long as DCM_E_PENDING is returned. c()
7.3.1 Introduction
7.3.4.1 Overview
7.3.4.2 Forward requests from the PduR module to the DSD submodule
The PduR module indicates the Dcm module whenever a reception of new diagnos-
tic request content is started on a DcmRxPduId, which is assigned to the Dcm module.
This is done by calling Dcm_StartOfReception, which inform the Dcm module of the
data size to be received and provides the data of the first frame or single frame, and
allows the Dcm to reject the reception if the data size overflows its buffer size, or if the
requested service is not available. The further call to Dcm_CopyRxData request the
Dcm module to copy the data from the provided buffer to the Dcm buffer. If the recep-
tion of a diagnostic request is finished (when Dcm_StartOfReception succeeded)
the PduR module will call Dcm_TpRxIndication to give a receive indication to the
Dcm module. The Dcm shall be able to use generic connections, where the addressing
7.3.4.2.1 Dcm_StartOfReception
[SWS_Dcm_00444] d If the requested size is large than the buffer available in the
DCM, the function Dcm_StartOfReception shall return BUFREQ_E_OVFL (see
[SWS_Dcm_00094]). c()
[SWS_Dcm_00788] d When processing a diagnostic request and in case DcmD-
slDiagRespOnSecondDeclinedRequest is set to TRUE, the Dcm module shall re-
turn BUFREQ_OK on Dcm_StartOfReception received on new request using a
different DcmDslConnection. c()
7.3.4.2.2 Dcm_CopyRxData
7.3.4.2.3 Dcm_TpRxIndication
It is possible, that functional ”TesterPresent” commands are sent by the tester in paral-
lel to physical requests/responses. This is called ”keep alive logic” in ISO14229-1 [1].
This functional ”TesterPresent” will be received on a separate DcmRxPduId (UDS func
DcmRxPduId) ), which is belonging to the same DcmDslConnection as the physical
request. A Dcm-internal receive buffer which is not configured explicitly, is used in this
case. Due to that reason, the functional TesterPresent (and only functional TesterPre-
sent without response) is handled in the following way:
[SWS_Dcm_00112] d When the PduR module calls Dcm_TpRxIndication with pa-
rameter Result=E_OK (see [SWS_Dcm_00093]) and if the request is a ”TesterPresent”
command with ”suppressPosRspMsgIndicationBit” set to TRUE (SID equal to 0x3E,
subfunction equal to 0x80), the DSL submodule shall reset the session timeout timer
(S3Server). c()
[SWS_Dcm_00113] d When the PduR module calls Dcm_TpRxIndication with pa-
rameter Result = E_OK (see [SWS_Dcm_00093]) and if the request is a ”TesterP-
resent” command with ”suppressPosRspMsgIndicationBit” set to TRUE (SID equal to
0x3E, subfunction equal to 0x80), the DSL submodule shall not forward this request to
the DSD submodule for further interpretation. c()
Rationale for [SWS_Dcm_00113]: Because of bypassing the functional ”TesterPre-
sent” in the DSL submodule, the Dcm module is able to receive and process next phys-
ical requests without any delay.
[SWS_Dcm_01168] d The Dcm shall handle a tester present request as concurrent
request only if it was received on a functional address with ”suppressPosRspMsgIndi-
cationBit” set to TRUE. c()
7.3.4.3.1 Dcm_CopyTxData
If the copied data is smaller than the length requested to transmit within the
service PduR_DcmTransmit() the Dcm module will be requested by the service
Dcm_CopyTxData to provide another data when the current copied data have been
transmitted.
[SWS_Dcm_00346] d If the function Dcm_CopyTxData is called and the Dcm module
successfully copied the data in the buffer provided in info parameter, then the function
shall return BUFREQ_OK. c()
[SWS_Dcm_00350] d Caveats of Dcm_CopyTxData:
• The value of parameter availableDataPtr of function Dcm_CopyTxData shall not
exceed the number of Bytes still to be sent.
• If this service returns BUFREQ_E_NOT_OK the transmit requests issued by
calling the service PduR_DcmTransmit() is still not finished. A final confirma-
tion (indicating an error with call of service Dcm_TpTxConfirmation) is re-
quired to finish this service and to be able to start another transmission (call
to PduR_DcmTransmit()). So it is up to the transport protocol to confirm the abort
of transmission.
c()
[SWS_Dcm_00832] d Dcm_CopyTxData shall be callable in interrupt context. c()
7.3.4.3.2 Dcm_TpTxConfirmation
7.3.4.4 Forward responses from the DSD submodule to the PduR module
[SWS_Dcm_00114] d The DSD submodule shall request the DSL submodule for trans-
mission of responses. c()
[SWS_Dcm_00115] d When the diagnostic response of a DcmDslMainConnection
is ready, the DSL submodule shall trigger the transmission of the diagnostic response
to the PduR module by calling PduR_DcmTransmit() using the corresponding DcmD-
slProtocolTxPduRef parameter as PduId. c()
[SWS_Dcm_01072] d In case of PeriodicTransmission, the Dcm shall provide in the call
to PduR_DcmTransmit() the full payload data and expect no call to Dcm_CopyTxData.
c()
[SWS_Dcm_01073] d In case of PeriodicTransmission, the Dcm will be called for pe-
riodic transmission with Dcm_TxConfirmation to indicate the transmission result. c
()
Responses are sent with the DcmTxPduId, which is linked in the Dcm module config-
uration to the DcmRxPduId, i.e. the ID the request was received with (see configu-
ration parameter DcmDslProtocolTx) Within PduR_DcmTransmit() only the length
information and, for generic connections, the addressing information, is given to the
PduR module. After the Dcm module has called successfully PduR_DcmTransmit(),
the PduR module will call Dcm_CopyTxData to request the Dcm module to provide the
data to be transmitted and will call Dcm_TpTxConfirmation after the complete PDU
has successfully been transmitted or an error occurred. see section 7.3.4.5 "Generic
Connection Handling for further details on address information handling within generic
connections".
[SWS_Dcm_00117] d If the DSL submodule receives a confirmation after the com-
plete Dcm PDU has successfully been transmitted or an error occurred by a call of
Dcm_TpTxConfirmation, then the DSL submodule shall forward this confirmation to
the DSD submodule. c()
[SWS_Dcm_00118] d In case of a failed transmission (failed PduR_DcmTransmit() re-
quest) or error confirmation (Dcm_TpTxConfirmation with error), the DSD submod-
ule shall not repeat the diagnostic response transmission. c()
Note: Dcm_TpTxConfirmation is only expected when PduR_DcmTransmit suc-
ceeded.
The Dcm shall be able to handle generic connections, identified by DcmPdus with Meta-
DataItems of type SOURCE_ADDRESS_16 and TARGET_ADDRESS_16. These con-
nections carry the actual tester address at run time. Please note that this address is
not provided to the application. If the application needs to discern different testers, sep-
arate connections have to be created. Generic connections are supported for diagnos-
tics over IP and FlexRay diagnostics, and CAN diagnostics using normal fixed or mixed
29 bit addressing formats according to ISO15765-2 [12]. Depending on the actual lay-
out of the CAN IDs, generic connections could also be used for extended or normal and
mixed 11 bit addressing formats. The Dcm is not aware of the actual addressing format
used by CanTp. Several connections may reference the same DcmPdus.
[SWS_Dcm_CONSTR_6044] d Generic connections shall be consistent. This means
that the MetaDataItems and the PduLength of all referenced PDUs of a DcmDslCon-
nection (DcmDslProtocolRxPduRef, DcmDslProtocolTxPduRef, DcmDslPe-
riodicTxPduRef, DcmDslRoeTxPduRef)are identical. c()
[SWS_Dcm_00848] d The source address of diagnostic requests received via
a generic connection must be stored. It is provided in the MetaDataItem
SOURCE_ADDRESS_16 provided via Dcm_StartOfReception. c()
[SWS_Dcm_00849] Target address for generic connection transmission d If the
Dcm is about to send a response, response on event, or periodic message for a
generic connection request, the Dcm shall set TARGET_ADDRESS_16 to the value
of the stored source address in the MetaDataPtr in the PduR_DcmTransmit(). c
(SRS_Diag_04153)
[SWS_Dcm_01429] d The source address of diagnostic requests received via a
generic connection shall be provided in the parameter TesterSourceAddress
to the application [SWS_Dcm_01339], [SWS_Dcm_01340], [SWS_Dcm_01341],
[SWS_Dcm_01342], [SWS_Dcm_00692], [SWS_Dcm_00694], [SWS_Dcm_00340],
[SWS_Dcm_00698]). c()
[SWS_Dcm_01347] d The target address of diagnostic requests received via a generic
connection can be provided in the MetaDataItem TARGET_ADDRESS_16 received via
Dcm_StartOfReception(). In this case, the Dcm shall ignore physical requests where
the target address is not equal to the configured ECU address DcmDspProtocolE-
cuAddr. c(SRS_Diag_04153)
The UDS service ReadDataByPeriodicIdentifier (0x2A) allows the tester to request the
periodic transmission of data record values from the ECU identified by one or more
periodicDataIdentifiers.
[SWS_Dcm_00122] d The Dcm module shall send responses for periodic transmis-
sions using a separate protocol and a separate buffer of configurable size. c()
The DcmDslPeriodicTransmissionConRef configuration parameter allows linking
the protocol used to receive the periodic transmission request / transmit the periodic
transmission response to the protocol used for the transmission of the periodic trans-
mission messages. Note that multiple DcmTxPduIds can be assigned to the periodic
transmission protocol. The Dcm module respects several restrictions according to the
communication mode:
[SWS_Dcm_00123] d Periodic transmission communication shall only take place in
Full Communication Mode. c()
Periodic transmission events can occur when not in Full Communication Mode. So the
following requirement exists:
[SWS_Dcm_00125] d The Dcm module shall discard periodic transmission events be-
side Full Communication Mode and shall not queue it for transmission. c()
[SWS_Dcm_00126] d Periodic transmission events shall not activate the Full Commu-
nication Mode. c()
With the UDS Service ResponseOnEvent (0x86), a tester requests an ECU to start
or stop transmission of responses initiated by a specified event. Upon registering an
event for transmission, the tester also specifies the corresponding service to respond
to (e.g: UDS Service ReadDataByIdentifier 0x22).
[SWS_Dcm_00595] d The ROE functionality is enabled only if the container DcmD-
slResponseOnEvent exists. c()
[SWS_Dcm_00871] d The Dcm shall support several RoeEvents. Each RoeEvent can
have the states ”ROE cleared”, ”ROE stopped” and ”ROE started”. The transitions
from state to state are described in the following section. The Labels in Figure 7.4
represents the numbers of the sections. c()
[10]
Initial
Roe started
[6]
[SWS_Dcm_00872] d The Dcm changes the state of each event to ’ROE cleared’ state
during Dcm_Init. c()
[SWS_Dcm_00885] d If all RoeEvents are in ’ROE cleared’ state and a valid stopRe-
sponseOnEvent (0x00) request is received the Dcm shall reject the request with a neg-
ative Response with NRC 0x24 (requestSequenceError). c()
[SWS_Dcm_00886] d If all RoeEvents are in ’ROE cleared’ state and a valid StartRe-
sponseOnEvent (0x05) request is received the Dcm shall reject the request with a neg-
ative Response with NRC 0x24 (requestSequenceError). c()
[SWS_Dcm_00887] d If all RoeEvents are in ’ROE cleared’ state and a valid clear-
ResponseOnEvent (0x06) request is received the Dcm answers positively and the
RoeEvents stay in ’ROEcleared’ state.). c()
[SWS_Dcm_00888] d If the non-volatile data could not be read correctly, all RoeEvents
in ’ROE cleared’ state remain in ’ROE cleared’ state. c()
[SWS_Dcm_00892] d The Dcm shall support all ROE sub-functions marked as sup-
ported in Table 7.3. c()
Sub function Sub-function name Kind of ServiceTo Support
ID sub-function RespondTo status
0x00/0x40 stopResponseOnEvent Control Supported
0x01/0x41 onDTCStatusChange Setup 0x19, 0x0E Supported
0x02/0x42 onTimerInterrupt Setup Not supported
0x03/0x43 onChangeOfDataIdentifier Setup 0x22 Supported
0x04 reportActivatedEvents Control Supported
0x05/0x45 StartResponseOnEvent Control Supported
0x06/0x46 clearResponseOnEvent Control Supported
0x07/0x47 onComparisonOfValues Setup Not supported
Other OEM Specific Setup Not supported
Note: If a user wants to support a sub-function with StorageState bit set, then it has to
be explicitly configured in the DSD. The Dcm will not mask the StorageState bit internally.
[SWS_Dcm_00893] d For each setup sub function the Dcm shall only support the one
fixed ServiceToRespondTo. The supported ServiceToRespondTo is listed in Table 7.3.
c()
The EventWindowTime and StorageState are mandatory parameter in every ROE re-
quest. They can be contradicting between the setup request and the related control
request.
[SWS_Dcm_00903] d The Dcm shall evaluate the EventWindowTime from the setup
request. c()
[SWS_Dcm_00894] d he Dcm shall support in general the EventWindowTimes defined
in Table 7.4. c()
[SWS_Dcm_00908] d The Dcm shall only support Roe requests which where pre-
configured in the configuration. c()
Note: The pre-configuration gives the Dcm the freedom to optimized not configured
requests.
[SWS_Dcm_00909] d The Dcm supports the configuration container DcmDspRoe to
configure all supported ResponseOnEvent setup requests. c()
[SWS_Dcm_00954] Pre-configuraton of ROE events d If DcmDspRoeIni-
tialEventStatus is set to DCM_ROE_STOPPED, the Dcm shall behave according
RoeEvent set-up:
• StorageState set to "StoreEvent"
• EventWindowTime set to "infinity"
• DTCStatusMask set to value configured in DcmDspRoeDTCStatusMask in case
of onDTCStatusChange and
• DID set to the value given with DcmDspRoeDidRef in case of onChangeOf-
DataIdentifier
c()
The Dcm supports the transmission from ServiceToResponseTo on the same TxPduId
like the ROE response is send (TYPE 1) or on a different TxPduId (TYPE 2).
[SWS_Dcm_00131] d The configured protocol buffer shall be used for transmission of
the ROE messages (as the reception shall use a separate protocol, a separate buffer
needs to be used for reception). c()
[SWS_Dcm_00926] d If a ROE request is received on a protocol DcmDslMainConnec-
tion, the Dcm shall send the ServiceToRespondTo on the protocol which is referred
as DcmDslROEConnectionRef. c()
Note: if the EventWindowTime ist active over more than this power cycle, the Dcm
has to store the protocol where the event was started.[SWS_Dcm_00927] d If the
referred Protocol for ResponseOnEvent (DcmDslROEConnectionRef) is configured
for TYPE1 the Dcm shall send the ServiceToRespondTo to the same TxPduID as the
ROE response is send to. c()
[SWS_Dcm_00928] d If the referred Protocol for ResponseOnEvent (DcmDslROECon-
nectionRef) is configured for TYPE2 the Dcm shall send the ServiceToRespondTo to
the configured TxPduID (see configuration parameter DcmDslRoeTxPduRef). c()
[SWS_Dcm_00132] d The content of the pMsgContext pointer (ROE message) shall
be copied into the buffer. c()
[SWS_Dcm_00133] d ROE communication shall only be performed in Full Communi-
cation Mode. The Dcm shall check the communication mode of the DcmDslProto-
colComMChannelRef in the DcmDslMainConnection. c()
[SWS_Dcm_00134] d ROE events shall be disabled in any other Communication Mode
except for the Full Communication Mode. c()
[SWS_Dcm_00135] d ROE events occurring in a communication mode different from
Full Communication Mode shall be discarded and not queued for later transmission. c
()
[SWS_Dcm_00136] d ROE events requested by the Application shall not activate the
Full Communication Mode. c()
[SWS_Dcm_01534] Authentication check for service to respond to d On transmis-
sion of the service to respond to, the Dcm shall perform the service authentication
checks and send a positive response only for services that have granted access to that
connection. c(SRS_Diag_04230)
[SWS_Dcm_CONSTR_6025] Reference to DcmDslResponseOnEvent connection
d Only one DcmDslROEConnectionRef shall reference DcmDslResponseOnEvent
connection. c()
[SWS_Dcm_CONSTR_6056] Dependency for DcmDslProtocolTransType d
DcmDslProtocolTransType shall be only present if the Dcm_ProtocolType is
configured to DCM_ROE_ON_CAN or DCM_ROE_ON_FLEXRAY or DCM_ROE_ON_IP. c
()
[SWS_Dcm_00601] d The Dcm module shall respect a minimum time between two (2)
consecutive Roe transmissions (see configuration parameter DcmDspRoeInterMes-
sageTime) c()
[SWS_Dcm_00929] d If at least one RoeEvent is in ’ROE started’ state the Dcm shall
always process ROE request with the sub-function clearResponseOnEvent indepen-
dent of the DcmDslProtocol where the request is received. c()
[SWS_Dcm_00930] d If at least one RoeEvent is in ’ROE started’ state the Dcm shall
always process ROE request with the sub-function stopResponseOnEvent independent
of the DcmDslProtocol where the request is received. c()
[SWS_Dcm_00940] d If at least one RoeEvent is in ’ROE started’ state the Dcm shall
reject all ROE request received on a different DcmDslProtocol than the protocol
where the RoeEvents were started with an NRC 0x22 (ConditionsNotCorrect), except
for [SWS_Dcm_00929] and [SWS_Dcm_00930]. c()
[SWS_Dcm_01045] d Only TYPE2 messages will support parallel execution of Diag-
nosis response. c()
In some cases, e.g. in case of routine execution, the Application needs to request an
immediate NRC 0x78 (Response pending), which shall be sent immediately and not
just before reaching the response time (P2ServerMax respectively P2*ServerMax).
When the Dcm module calls an operation and gets an error status
DCM_E_FORCE_RCRRP, the DSL submodule will trigger the transmission of a
negative response with NRC 0x78 (Response pending). This response needs to be
sent from a separate buffer, in order to avoid overwriting the ongoing processing of the
request.
[SWS_Dcm_00020] d The DSL submodule shall save the level of the current active
security level. c(SRS_Diag_04005)
For accessing this level, the DSL submodule provides interfaces to:
• get the current active security level: Dcm_GetSecurityLevel
• set a new security level: DslInternal_SetSecurityLevel()
[SWS_Dcm_00033] d During Dcm initialization the security level is set to the value 0x00
(DCM_SEC_LEV_LOCKED). c(SRS_BSW_00101, SRS_Diag_04005)
[SWS_Dcm_00139] d The DSL shall reset the security level to the value 0x00 (i.e. the
security is enabled) under one of the following conditions: - if a transition from any
diagnostic session other than the defaultSession to another session other than the de-
faultSession (including the currently active diagnostic session) is performed or - if a
transition from any diagnostic session other than the defaultSession to the defaultSes-
sion (DslInternal_SetSecurityLevel()) (initiated by UDS Service DiagnosticSessionCon-
trol (0x10) or S3Server timeout) is performed. c()
Only one security level can be active at a time.
[SWS_Dcm_01329] d On every security level change the Dcm shall update the Mod-
eDeclarationGroup DcmSecurityAccess with the new security level. c()
[SWS_Dcm_CONSTR_6083] Dependency on DcmDspSecurityAttemptCoun-
terEnabled d If DcmDspSecurityNumAttDelay is not configured, the DcmDspSe-
curityAttemptCounterEnabled on the same DcmDspSecurityRow shall be set
to FALSE. c(SRS_Diag_04005)
Note: this may be the case when these values are stored within some specific non-
volatile memory.
[SWS_Dcm_CONSTR_6076] Dependency for DcmDspSecurityGetAttempt-
CounterFnc d DcmDspSecurityGetAttemptCounterFnc shall be present only if
DcmDspSecurityUsePort is set to USE_ASYNCH_FNC and DcmDspSecurityAt-
temptCounterEnabled is set to TRUE. c()
[SWS_Dcm_01352] d If the delay after the first call of the Dcm_MainFunction()
which is configured in DcmDspSecurityMaxAttemptCounterReadoutTime has
been reached and all the Xxx_GetSecurityAttemptCounter have not been called
yet (i.e. one operation has returned a DCM_E_PENDING status in the previous
Dcm_MainFunction() cycle), the pending operation shall be cancelled by a call with
the OpStatus set to DCM_CANCEL. c()
[SWS_Dcm_01353] d In the conditions of [SWS_Dcm_01352], the AttemptCounters
of remaining security levels (which have not been obtained via the calls to their
Xxx_GetSecurityAttemptCounter) shall be initialized with the value configured
in DcmDspSecurityNumAttDelay of the according SecurityLevel. c()
[SWS_Dcm_01354] d While not all Xxx_GetSecurityAttemptCounter operations
have returned a final status and the operation chain has not been cancelled, the con-
ditionsNotCorrect (0x22) NRC shall be returned to any SecurityAccess (0x27) request-
Seed subfunction request. c()
[SWS_Dcm_01355] d Once all the AttemptCounter values have been successfully
or unsuccessfully retrieved (all the Xxx_GetSecurityAttemptCounter() operations have
been executed and have returned a final, non-PENDING error value or the operation
chain has been cancelled), if at least one of the restored AttemptCounter values is
greater than or equal to the DcmDspSecurityNumAttDelay configured for its cor-
responding DcmDspSecurityRow, the Dcm shall start the SecurityDelayTimer with
the higher value of DcmDspSecurityDelayTimeOnBoot / DcmDspSecurityDe-
layTime of the according DcmDspSecurityRow. c()
[SWS_Dcm_01356] d A timer (DcmDspSecurityDelayTime, DcmDspSecurity-
MaxAttemptCounterReadoutTime) which is configured with 0 shall be considered
to have timed out instantaneously when it is started, i.e. shall have no delay effect. c()
[SWS_Dcm_CONSTR_6074] Dependency for DcmDspSecurityMaxAttempt-
CounterReadoutTime d DcmDspSecurityMaxAttemptCounterReadoutTime
shall be a multiple and at minimum equal to DcmTaskTime. c()
[SWS_Dcm_00022] d The DSL submodule shall save the state of the current active
session. c(SRS_Diag_04006)
For accessing this variable, the DSL submodule provides interfaces to:
• get the current active session: Dcm_GetSesCtrlType
• set a new session: DslInternal_SetSesCtrlType()
[SWS_Dcm_00034] d During Dcm initialization, the session state is set to the value
0x01 ("DefaultSession"). c(SRS_BSW_00101)
[SWS_Dcm_01062] d The call to Dcm_ResetToDefaultSession allows the appli-
cation to reset the current session to Default session and invokes the mode switch
of the ModeDeclarationGroupPrototype DcmDiagnosticSessionControl by calling
SchM_Switch_<bsnp>_DcmDiagnosticSessionControl(RTE_MODE_DcmDiagnostic
SessionControl_DCM_DEFAULT_SESSION). c()
Example: Automatic termination of an extended diagnostic session upon exceeding of
a speed limit.
The Dcm provides means for authenticated diagnostics. The DSL sub-module provides
an authentication state per diagnostic connection. It initializes this state upon startup
and takes care about fallback into non-authenticated states if the connection is idle for
some time.
[SWS_Dcm_01477] Authentication state per connection d The Dcm shall provide
an authentication state per configured DcmDslConnection. c(SRS_Diag_04230)
[SWS_Dcm_01478] Mode declaration group per authentication state d The Dcm
shall provide the state of each authentication state via the ModeDeclarationGroupPro-
totype DcmAuthentication_<ConnectionName>. c(SRS_Diag_04230)
The Dcm maintains an authentication state and mirrors this state to the mode dec-
laration group DcmAuthentication_<ConnectionName>. This mode declaration group
is intended to be changed only by the Dcm, however applications changing this state
have no influence on the Dcm authentication state.
[SWS_Dcm_01479] Authentication states d The Dcm shall support per connection
the two authentication states: c(SRS_Diag_04230)
• deauthenticated
• authenticated
Upon startup, the Dcm is in deauthenticated state or restores the persisted state. A
transition to authenticated state can only be done after the client successfully exe-
cuted the authentication sequence. In some use cases as in production, a frequent
power-on/power off sequence is performed. To keep the achieved authentication state
over the power off, there is a dedicated mode rule requesting the Dcm to persist the
authenticated state.
[SWS_Dcm_01480] Initialization of authentication state d If DcmDspAuthenti-
cationPersistStateModeRuleRef is not configured or the mode rule referenced
by DcmDspAuthenticationPersistStateModeRuleRef is evaluated to false, the
Dcm shall initialize within Dcm_Init all authentication states to deauthenticated state.
c(SRS_Diag_04230)
[SWS_Dcm_01481] Initialization of persisted authentication states d If the mode
rule referenced by DcmDspAuthenticationPersistStateModeRuleRef is eval-
uated to true, the Dcm shall initialize the persisted authentication state including role
and white list on each connection. c(SRS_Diag_04230)
Transitions between authenticated states are controlled by both DSL and DSP sub-
modules. The DSL sub-module is in charge for fallback of authenticated state into
deauthenticated state. The DSP sub-module is in charge for transition changes trig-
gered from a client by diagnostic services.
[SWS_Dcm_01482] Fallback to deauthenticated session on idle connection d The
Dcm shall make a transition from authenticated into deauthenticated state for a config-
ured connection if the following conditions apply:
• The Dcm was in default session when the last diagnostic response was send on
that connection and
• DcmDspAuthenticationDefaultSessionTimeOut is configured
and no valid diagnostic request was received on that connection for
DcmDspAuthenticationDefaultSessionTimeOut seconds after the
last Dcm_TpTxConfirmation on that connection.
c(SRS_Diag_04230)
[SWS_Dcm_01483] Fallback to deauthenticated session on S3server timeout d
If the Dcm is in a non-default session and a S3server timeout occurs, the Dcm
shall perform a transition from authenticated into deauthenticated state on the au-
thentication state assigned to that connection which was in a non-default session. c
(SRS_Diag_04230)
[SWS_Dcm_01484] Clearing persisted authentication state d If the authentication
state of a connection performs a transition to deauthenticated state, the Dcm shall clear
all persisted authentication information on that connection. c(SRS_Diag_04230)
[SWS_Dcm_01485] Reaction of fallback into deauthenticated state d Upon a tran-
sition from authenticated into deauthenticated state, the Dcm shall discard the current
role, white list and use the configured deauthentication role from DcmDspAuthenti-
cationDeauthenticatedRole. c(SRS_Diag_04230)
In some use cases, it is desirable that the application set the role instead of using
a diagnostic service with its potentially time-consuming certificate parsing. The Dcm
provides the API Dcm_SetDeauthenticatedRole to overwrite the configured deau-
thentication role. The overwritten role is only valid in deauthenticated state will not be
persisted and is overwritten by a role provided by certificates via service 0x29.
[SWS_Dcm_01486] Default authentication role set from SWC d If a connection is
in deauthenticated state and the API Dcm_SetDeauthenticatedRole is called, the
Dcm shall use the provided deauthenticatedRole as new role per deauthenticated state
for this connection. c(SRS_Diag_04230)
[SWS_Dcm_01487] Setting deauthenticated role by SWC only in deauthenticated
state d The Dcm shall process a call of Dcm_SetDeauthenticatedRole only if the
connection is in deauthenticated state. c(SRS_Diag_04230)
[SWS_Dcm_01488] Lifetime of deauthenticated role by SWC d A deauthenticated
role set by Dcm_SetDeauthenticatedRole is discarded when that connection per-
forms a transition authenticated state. c(SRS_Diag_04230)
[SWS_Dcm_01489] No persistency for deauthenticated roles by SWC d At startup
the ECU shall always use the deauthentication state configured in DcmDspAuthen-
ticationDeauthenticatedRole. c(SRS_Diag_04230)
[SWS_Dcm_00141] d
Subsequent start:
• Completion of any final response message or an error indication
(Dcm_TpTxConfirmation: confirmation of complete PDU or indication of
an error)
• Completion of the requested action in case no response message (positive and
negative) is required / allowed.
• Indicates an error during the reception of a multi-frame request mes-
sage.(Dcm_TpRxIndication: indication of an error)
Subsequent stop:
• Start of a multi-frame request message (Dcm_StartOfReception: indicates
start of PDU reception)
• Reception of single-frame request message. (Dcm_StartOfReception: indi-
cates start of PDU reception)
"Start of S3Server" means reset the timer and start counting from the beginning. c()
[SWS_Dcm_00027] d The Dcm module shall handle the following protocol tim-
ing parameters in compliance with [4]: P2ServerMin, P2ServerMax, P2*ServerMin,
P2*ServerMax, S3Server c(SRS_Diag_04015)
[SWS_Dcm_00143] d P2min / P2*min and S3Server shall be set to defined values:
P2min = 0ms, P2*min = 0ms, S3Server = 5s. c(SRS_Diag_04015)
These protocol timing parameters have influence on the session layer timing (no influ-
ence on Transport Layer timing). Some of these timing parameters can be modified
while protocol is active with the following means:
• UDS Service DiagnosticSessionControl (0x10)
• UDS Service AccessTimingParameter (0x83)
The DSL submodule provides the following functionalities to modify the timing parame-
ters:
• Provide the active timing parameters,
• Set the new timing parameters. Activation of new timing values is only allowed
after sending the response.
For the different protocols a different set of allowed diagnostic services is valid (e.g.
the UDS commands for the enhanced diagnosis, the OBD mode services for the OBD
protocol). It is possible to create different service tables and link them to the diagnostic
protocol.
[SWS_Dcm_00035] d With every protocol initialization, the DSL submodule sets a link
to the corresponding service table (see configuration parameter DcmDslProtocol-
SIDTable). c(SRS_BSW_00101)
The DSD submodule uses this link for further processing of diagnostic requests.
A protocol stop can appear only in case of protocol preemption (see chapter 7.3.4.16.3
Preemption of protocol).
[SWS_Dcm_00624] d With the reception of Dcm_TpTxConfirmation connected to
the response given by the DSL submodule, the Dcm shall not stop the current protocol
(no call to xxx_StopProtocol). c()
Note: A protocol (e.g. OBD) will be active till reset or other protocol preempts.
[SWS_Dcm_01190] d If Xxx_StopProtocol() doesn’t return E_OK, the Dcm shall return
NRC 0x22. c()
Due to limited resources, the following points should be considered as hints for the
design:
• It is allowed to use and allocate only one diagnostic buffer in the Dcm module.
This buffer is then used for processing the diagnostic requests and responses.
• Output of NRC 0x78 (Response pending) responses is done with a separate
buffer.
• paged-buffer handling (see [SWS_Dcm_00028]).
Communication Mode Handling is an interface between Dcm and ComM. The ComM
informs the Dcm about the current communication state of a channel. The Dcm is calling
the ComM about active Diagnostic which shall prevent an Ecu shutdown/sleep.
The status ActiveDiagnostic shows if diagnostic requests shall keep the ECU awake
(ActiveDiagnostic ==’DCM_COMM_ACTIVE’) or if diagnostic requests shall not pre-
vent an Ecu shutdown/sleep (ActiveDiagnostic ==’DCM_COMM_NOT_ACTIVE’). Ap-
plication can change the status ActiveDiagnostic regarding to system conditions.
[SWS_Dcm_CONSTR_6027] d The application will inform the Dcm by calling
Xxx_SetActiveDiagnostic() about the ActiveDiagnostic status. c()
[SWS_Dcm_01069] d After Dcm_Init, the Dcm shall set ActiveDiagnostic to
’DCM_COMM_ACTIVE’. c()
[SWS_Dcm_01070] d If Xxx_SetActiveDiagnostic() is called with ’false’ the Dcm set
ActiveDiagnostic to ’DCM_COMM_NOT_ACTIVE’. c()
[SWS_Dcm_01071] d If Xxx_SetActiveDiagnostic() is called with ’true’ the Dcm set
ActiveDiagnostic to ’DCM_COMM_ACTIVE’. c()
[SWS_Dcm_01142] d The Dcm shall wait the Full Communication mode indication
from the ComM (call to Dcm_ComM_FullComModeEntered) before initiating the trans-
mission of the diagnostic answer. The time to wait should be no longer than the
P2ServerMax calculated from the moment the request was received. c()
[SWS_Dcm_01143] d If the Dcm fails to confirm a response pending transmission
(DCM_E_FORCE_RCRRP) due to [SWS_Dcm_01142], the Dcm shall trigger the Det
error DCM_E_FORCE_RCRRP_IN_SILENT_COMM. c()
Note : On the reception side a silent communication mode can lead to the lost of the
request in case of segmented transmission.
7.3.4.18.1 No Communication
The ComM module will indicate the No Communication Mode to the Dcm module by
calling Dcm_ComM_NoComModeEntered. In response, the Dcm will immediately dis-
able all transmissions (see the definition of Dcm_ComM_NoComModeEntered for de-
tails).
[SWS_Dcm_00148] d Dcm_ComM_NoComModeEntered shall disable all kinds of
transmissions (receive and transmit) of communication. This means that the message
reception and also the message transmission shall be off. c()
[SWS_Dcm_00149] d Dcm_ComM_NoComModeEntered shall disable the Respon-
seOnEvent transmissions. c()
[SWS_Dcm_00150] d Dcm_ComM_NoComModeEntered shall disable the periodicId
transmissions (ReadDataByPeriodicIdentifier). c()
[SWS_Dcm_00151] d Dcm_ComM_NoComModeEntered shall disable normal trans-
missions. c()
[SWS_Dcm_00152] d After Dcm_ComM_NoComModeEntered has been called, the
Dcm module shall not call the function PduR_DcmTransmit(). c()
[SWS_Dcm_01324] d In case Dcm_ComM_NoComModeEntered is called with a Net-
workId for a ComM channel not referenced within the Dcm (see configuration parame-
ter DcmDslProtocolComMChannelRef), the Dcm shall return without performing any
further action. c()
The ComM module will indicate the Silent Communication Mode to the Dcm module by
calling Dcm_ComM_SilentComModeEntered. In response, the Dcm will immediately
disable all transmissions (see the definition of Dcm_ComM_SilentComModeEntered
for details).
The ComM module will indicate the Full Communication Mode to the Dcm module by
calling Dcm_ComM_FullComModeEntered. In response, the Dcm will enable all trans-
missions (see the definition of Dcm_ComM_FullComModeEntered for details).
[SWS_Dcm_00157] d Dcm_ComM_FullComModeEntered shall enable all kind of
communication. This means that the message reception and also the message trans-
mission shall be on. c()
[SWS_Dcm_00159] d Dcm_ComM_FullComModeEntered shall enable the Respon-
seOnEvent transmissions. c()
[SWS_Dcm_00160] d Dcm_ComM_FullComModeEntered shall enable the periodicId
transmissions (ReadDataByPeriodicIdentifier). c()
[SWS_Dcm_00161] d Dcm_ComM_FullComModeEntered shall enable the normal
transmissions. c()
[SWS_Dcm_00162] d After Dcm_ComM_FullComModeEntered has been called, the
Dcm shall handle the functions DslInternal_ResponseOnOneDataByPeriodicId() or
DslInternal_ResponseOnOneEvent() without restrictions. c()
[SWS_Dcm_01326] d In case Dcm_ComM_FullComModeEntered is called with a
NetworkId for a ComM channel not referenced within the Dcm (see configuration pa-
rameter DcmDslProtocolComMChannelRef), the Dcm shall return without perform-
ing any further action. c()
The Dcm notifies the ComM module about the internal diagnostic state for all networks.
There are two options for the diagnostic state on a network. In ’active’ diagnostic state,
the Dcm is processing one or more diagnostic requests from this network or the Dcm is
in a non-default session. In ’inactive’ diagnostic state, the Dcm is in default session and
is not processing a diagnostic request on that network.
When a network has no communication in progress, the Dcm will set the diagnostic ac-
tivation state to ’inactive’. When there is a diagnostic communication on a network the
Dcm sets the diagnostic state to ’active’. In any non-default session, the diagnostic state
remains in state ’active’. The communication state can also be controlled by the API
Xxx_SetActiveDiagnostic according to [SWS_Dcm_01070] and [SWS_Dcm_01071].
[SWS_Dcm_01373] d The Dcm shall go into ’active’ diagnostic state on a network, if
a diagnostic request is received on a network or the diagnostic session is changed to
any non-default session. c(SRS_Diag_04006)
[SWS_Dcm_01374] d The Dcm shall go into ’inactive’ diagnostic state on a network
when the current diagnostic request processing is finished and the Dcm is not process-
ing a diagnostic request of another protocol on this network and if the Dcm is in default
session. c(SRS_Diag_04006)
[SWS_Dcm_01375] d The Dcm shall go into ’inactive’ diagnostic state on all networks
if a S3Server timeout occurs and the Dcm makes a transition into default session. c
(SRS_Diag_04006)
[SWS_Dcm_01376] d If ActiveDiagnostic is ’DCM_COMM_ACTIVE’ and the Dcm is
doing a transition into ’active’ diagnostic state of a diagnostic protocol, the Dcm shall
call ComM_DCM_ActiveDiagnostic(NetworkId), with the networkId associated to the
received Pdu (see DcmDslProtocolComMChannelRef), with every request, to in-
form the ComM module about the need to stay in Full Communication Mode. c
(SRS_Diag_04006)
[SWS_Dcm_01377] d Upon a diagnostic state transition into ’inactive’, the Dcm shall
notify the ComM module about an inactive diagnostic state on a network by calling
ComM_DCM_InactiveDiagnostic(NetworkId), with the networkId associated to the re-
ceived Pdu (see DcmDslProtocolComMChannelRef). c(SRS_Diag_04006)
[SWS_Dcm_01378] d The definition of a finished diagnostic request according to
[SWS_Dcm_01374], shall be as follows:
• the Dcm has sent a positive or negative response unequal to NRC 0x78 by receiv-
ing the Dcm_TpTxConfirmation connected to the response given by the DSL
submodule
• the Dcm has processed the service with SPRMIB=true and the positive response
was suppressed
• in case of functional addressing, the Dcm has processed the service and the
negative response was suppressed.
c(SRS_Diag_04006)
7.4.1 Introduction
The DSD submodule is responsible to check the validity of an incoming diagnostic re-
quest (Verification of Diagnostic Session/Security Access levels/Application permis-
sion) and keeps track of the progress of a service request execution.
[SWS_Dcm_00178] d The DSD submodule shall only process valid requests and shall
reject invalid ones. c()
The following use cases are relevant and are described in detail in the following:
• Receive a request message and transmit a positive response message
• Receive a request message and suppress a positive response
• Receive a request message and suppress a negative response
• Receive a request message and transmit a negative response message
• Send a positive response message without corresponding request
• Segmented Responses
This is the standard use case of normal communication ("ping-pong"). The server
receives a diagnostic request message. The DSD submodule ensures the validity of
the request message. In this use case, the request is valid and the response will be
positive. The request will be forwarded to the appropriate data processor in the DSP
submodule. When the data processor has finished all actions of data processing, it
triggers the transmission of the response message by the DSD submodule.
If the data processor processes the service immediately as part of the request indica-
tion function, the data processor can trigger the transmission inside this indication func-
tion ("synchronous"). If the processing takes a longer time (e. g. waiting on EEPROM
driver), the data processor defers some processing ("asynchronous"). The response
pending mechanism is covered by the DSL submodule. The data processor triggers
the transmission explicitly, but from within the data processor’s context.
This is a sub-use-case of the previous one. Within the UDS protocol it is possible
to suppress the positive response by setting a special bit in the request message
(see [SWS_Dcm_00200]). This special suppression handling is completely performed
within the DSD submodule.
In case of functional addressing the DSD submodule shall suppress the negative re-
sponse for NRC 0x11, 0x12, 0x31, 0x7E and 0x7F (see [SWS_Dcm_00001]).
There are a many different reasons why a request message is rejected and a negative
response is to be sent. If a diagnostic request is not valid or if a request may not be
executed in the current session, the DSD submodule will reject the processing and a
negative response will be returned.
But there are even many reasons to reject the execution of a well-formed request mes-
sage, e.g. if the ECU or system state does not allow the execution. In this case, the
DSP submodule will trigger a negative response including an NRC supplying additional
information why this request was rejected.
In case of a request composed of several parameters (e.g. a UDS Service Read-
DataByIdentifier (0x22) request with more than one identifier to read), each parameter
is treated separately. And each of these parameters can return an error. This kind of
request returns a positive response if at least one of the parameters was processed
successfully.
[SWS_Dcm_00827] d The DSD sub-module shall check the received diagnostic re-
quest in the order given by ISO14229-1 [1]. If one of the computations failed the Dcm
shall stop the execution of the NRC check sequence then stop or do not start the ex-
ecution of the received diagnostic request and finally transmit the NRC for which the
computation failed. c()
There are two services within the UDS protocol, where multiple responses are sent for
only one request. In general, one service is used to enable (and disable) an event- or
time-triggered transmission of another service, which again is sent by the ECU without
a corresponding request (see ISO14229-1 [1]). These services are:
• UDS Service ReadDataByPeriodicIdentifier (0x2A). This service allows the client
to request the periodic transmission of data record values from the server identi-
fied by one or more periodicDataIdentifiers.
Type 2 = UUDT message on a separate DcmTxPduId.
• ResponseOnEvent (0x86). This service requests a server to start or stop trans-
mission of responses on a specified event.
Type 1 = USDT messages on the DcmTxPduId already used for normal diagnos-
tic responses,
Type 2 = USDT messages on separate DcmTxPduId.
For Type 1, the outgoing messages must be synchronized with "normal outgoing
messages", which have a higher priority.
This handling is especially controlled by the DSL submodule. However, the DSD sub-
module also provides the possibility to generate a response without a corresponding
request.
Within the diagnostic protocol, some services allow to exchange a significant amount
of data, e.g. UDS Service ReadDTCInformation (0x19) and UDS Service TransferData
(0x36).
In the conventional approach, the ECU internal buffer must be large enough to keep
the longest data message which is to be exchanged (worst-case) and the complete
buffer is filled before the transmission is started.
RAM memory in an ECU often is a critical resource, especially in smaller micros. In
a more memory-saving approach, the buffer is filled only partly, transmitted partly and
then refilled partly - and so on. This paging mechanism requires only a significantly re-
duced amount of memory, but demands a well-defined reaction time for buffer refilling.
The user can decide whether to use the "linear buffer" or paged-buffer for diagnostics.
The DSD submodule is called by the DSL submodule when receiving a diagnostic mes-
sage and performs the following operations:
• delegates processing of request to the DSP submodule or external modules out-
side the Dcm
• keeps track of request processing (Return the status on <Module>_<Diagnos-
ticService>() and <Module>_<DiagnosticService>_<SubService>() APIs call or
"Service Interpreter calls")
• transmits the response of the Application to the DSL submodule (Transmit func-
tionality)
Direction Explanation
Bidirectional Exchange of the Diagnostic Messages (receive/transmit).
DSD submodule to DSL Obtain latest diagnostic session and latest security level.
submodule
DSL submodule to DSD Confirmation of transmission of Diagnostic Message.
submodule
Table 7.5: Interaction between the DSD submodule and the DSL submodule
Direction Explanation
DSD submodule to DSP - Delegate processing of request.
submodule - Confirmation of transmission of Diagnostic Message.
DSP submodule to DSD - Signal that processing is finished.
submodule
7.4.4.1 Support checking the diagnostic service identifier and adapting the di-
agnostic message
The DSD submodule shall be triggered by the DSL submodule if a new diagnostic mes-
sage is recognized. The DSD submodule will start processing by analyzing the diag-
nostic service identifier contained in the received diagnostic message.
2. The DSL submodule indicates a new diagnostic message with the "Data Indica-
tion" functionality to the DSD submodule. In the diagnostic message buffer the
diagnostic message is stored (buffer = 0x2E,0xF1,0x90,..).
3. The DSD submodule executes a check of the supported services with the de-
termined service identifier (first byte of buffer 0x2E) on the incoming diagnostic
message.
4. The incoming diagnostic message is stored in the Dcm variable
Dcm_MsgContextType.
[SWS_Dcm_CONSTR_6047] d Id of the Service identifier configured in DcmDsd-
SidTabServiceId shall be unique within one DcmDsdServiceTable. c()
[SWS_Dcm_00732] d For the first call of <Module>_<DiagnosticService> the opStatus
shall be set to DCM_INITIAL c()
[SWS_Dcm_00733] d The Dcm shall not accept further requests (on same or lower
priority) while <Module>_<DiagnosticService>() returns DCM_E_PENDING. Dcm-
internal timeout handling (based on RCR-RP limitation) may lead to a cancellation
of the external diagnostic service processing. c()
[SWS_Dcm_00735] d In case of cancellation the API <Module>_<DiagnosticService>
is called again with the parameter opStatus set to DCM_CANCEL c()
Prior of execution of a received diagnostic service, the DSD performs a set of verifica-
tions. The DSD will only accept a service, if all verifications are successfully passed.
[SWS_Dcm_01535] DSD verifications prior of service execution d The Dcm shall
only accept a diagnostic request, if the following verifications have been passed in the
following order: c(SRS_Diag_04230, SRS_Diag_04005, SRS_Diag_04006)
1. Verification of Manufacturer permission (Call of the manufacturer interface indi-
cation operation)
2. Verification of the SID
3. Verification of the service access control on the current authentication state
4. Verification of the Diagnostic Session
5. Verification of the Service Security Access levels
6. Verification of the Supplier permission (Call of the Supplier interface indication
operation)
7. Verification of the Mode rules for service IDs.
[SWS_Dcm_01474] d In case the DSD generates a NRC, the Dcm shall only call
XXX_Confirmation. c(SRS_Diag_04019)
This means that the Dcm will not call DspInternal_DcmConfirmation().
The UDS service Authentication (0x29) is used to change the authentication state of a
diagnostic connection and to provide the access rights. Depending on the reached role
and provided white list a dynamic set of diagnostic services is available for the tester
on that connection. The DSD submodule verifies on service ID (SID) and sub-function
(SF) level, if a service can be executed or not.
[SWS_Dcm_01536] Authentication on UDS services only d The Dcm shall only ver-
ify the authentication for UDS services. A UDS service has a service ID within the
range of 0x10 and 0xFF. c(SRS_Diag_04230)
OBD services are explicitly excluded from authentication checks. By legislation the
OBD services need to be always available, independent from active authentication
state. If WWH-OBD is used the system engineer must ensure that these services are
always accessible.
[SWS_Dcm_01537] Verifying access rights d The Dcm shall only verify and check
the configured access rights of a diagnostic service, if the container DcmDspAuthen-
tication is configured. c(SRS_Diag_04230)
If no DcmDspAuthentication is configured, the Dcm will process all diagnostic services
as if the current connection would grant access to execute the current processed ser-
vice. Checking the access rights for diagnostic services is done at different levels of
the service structure. The use of diagnostic service access rights introduces means to
allow or to refuse a diagnostic service due to current roles and authentication states.
Some services shall always be allowed to be executed, like the service 0x29 (Authen-
tication) to set the current tester access rights. This service and other OEM or sup-
plier specific services should have granted access independent from the authentication
state. To realize this, the Dcm uses a default role that is used in all deauthenticated
states. In that state, all role based verifications are done as in authenticated state. The
active role is provided by the configuration.
[SWS_Dcm_01538] Access rights for services in deauthenticated state d If the
current connection is in deauthenticated state, the Dcm shall use the role configured
in DcmDspAuthenticationDeauthenticatedRole as current role for all role based access
verification checks. c(SRS_Diag_04230)
[SWS_Dcm_01539] Definition of allowed service execution d The Dcm shall allow
the service execution, if a role verification was successful or the service is allowed by
the white list. c(SRS_Diag_04233)
[SWS_Dcm_01540] Diagnostic service execution rights verification d The Dcm
shall check if a service execution is permitted in the current authentication check or
not. The Dcm shall perform the following checks in the given order below. If a check
grants access to a service, the remaining checks are skipped:
1. Checks on service ID level
2. Checks on service ID and sub-function level
3. Checks for services with one or multiple DIDs
4. Check on dynamically defined DIDs
5. Checks on service 0x31 per sub-function
6. Checks on service 0x19 parameter MemorySelection
c(SRS_Diag_04233)
[SWS_Dcm_01541] Service ID authentication check for UDS service requests d
Upon processing a diagnostic service, the Dcm shall grant access to the diagnostic
service if:
On receiving a service request, the DSD module will obtain the current Diagnostic
Session with Dcm_GetSesCtrlType and will verify whether the execution of the re-
quested service (NOT the UDS Service DiagnosticSessionControl (0x10)) and sub-
service is allowed in the current diagnostic session or not.
Note that the handling of the UDS Service DiagnosticSessionControl (0x10) itself is not
part of the DSD submodule.
[SWS_Dcm_00211] d If the newly received diagnostic service is not allowed in the cur-
rent Diagnostic Session (according to the configuration parameter DcmDsdSidTab-
SessionLevelRef), the DSD submodule shall transmit a negative response with NRC
0x7F (serviceNotSupportedInActiveSession) to the DSL submodule. c()
[SWS_Dcm_00616] d If the newly received diagnostic service is allowed in the current
Diagnostic Session ( see [SWS_Dcm_00211]), but the requested subservice is not
allowed in the current Diagnostic Session (according to the configuration parameter
DcmDsdSubServiceSessionLevelRef), the DSD submodule shall transmit a neg-
ative response with NRC 0x7E (subFunctionNotSupportedInActiveSession) to the DSL
submodule. c()
The purpose of the Security Access level handling is to provide a possibility to access
data and/or diagnostic services, which have restricted access for security, emissions, or
safety reasons. The DSD submodule shall perform this handling with the UDS Service
SecurityAccess (0x27). The DSD submodule will perform a verification whether the
execution of the requested service (NOT the UDS Service SecurityAccess (0x27)) is
allowed in the current Security level by asking for the current security level, using the
DSL function Dcm_GetSecurityLevel.
The management of the security level is not part of the DSD submodule.
Note: For some use cases (e.g. UDS Service ReadDataByIdentifier (0x22), where
some DataIdentifier can be secure) it will be necessary for the Application to call also
the function Dcm_GetSecurityLevel.
[SWS_Dcm_00217] d If the newly received diagnostic service is not allowed in the
current Security level (according to the configuration parameter DcmDsdSidTabSe-
curityLevelRef), the DSD submodule shall transmit a negative response with NRC
0x33 (Security access denied) to the DSL submodule. c()
[SWS_Dcm_00617] d If the newly received diagnostic service is allowed in the current
Security level ( see [SWS_Dcm_00217]), but the requested subservice is not allowed in
the current Security level (according to the configuration parameter DcmDsdSubSer-
viceSecurityLevelRef), the DSD submodule shall transmit a negative response
with NRC 0x33 (Security access denied) to the DSL submodule. c()
The DSD submodule checks whether a specific subfunction is supported before exe-
cuting the requested command.
[SWS_Dcm_00273] General sub-function supported NRC check d The DSD shall
send the negative response NRC 0x12 (sub-functionNotSupported ), if for the pro-
cessed service no configured DcmDsdSubService exists with the DcmDsdSubSer-
viceId of the processed service. This NRC check shall not be done for UDS Service
0x31 (RoutineControl). c()
The DSD submodule will check for the minimum message length before executing the
requested command.
[SWS_Dcm_00696] d The DSD submodule shall trigger a negative response with NRC
0x13 (Incorrect message length or invalid format), if the length of the request is inferior
to the minimum length of the request. c()
[SWS_Dcm_01411] d If DcmDsdSubService is configured for a DcmDsdService,
the Dcm shall support the sub-function configured in DcmDsdSubServiceId with
SPRMIB set to 0 or 1. c()
The purpose of this functionality is that, just after receiving the diagnostic request, the
Manufacturer Application is requested to check permission/environment.
E.g. in after-run ECU state, it might be not allowed to process OBD requests.
[SWS_Dcm_00218] d If container DcmDsdServiceRequestManufacturerNoti-
fication exists, the DSD submodule shall call the operation Xxx_Indication on
all configured ServiceRequestIndication ports (see configuration parameter DcmDsd-
ServiceRequestManufacturerNotification). c()
The purpose of this functionality is that, right before processing the diagnostic mes-
sage, the Supplier Application is requested to check permission/environment.
E.g. in after-run ECU state, it might be not allowed to process OBD requests.
[SWS_Dcm_00516] d If container DcmDsdServiceRequestSupplierNotifica-
tion exists, the DSD submodule shall call the operation Xxx_Indication on all
configured ServiceRequestIndication ports (see configuration parameter DcmDsdSer-
viceRequestSupplierNotification). c()
[SWS_Dcm_00517] d If at least a single Xxx_Indication function called according
to [SWS_Dcm_00516] returns E_REQUEST_NOT_ACCEPTED, the DSD submodule
shall give no response. c()
[SWS_Dcm_00518] d If at least a single Xxx_Indication function called accord-
ing to [SWS_Dcm_00516] has returned E_NOT_OK and no function has returned
E_REQUEST_NOT_ACCEPTED, the DSD submodule shall trigger a negative re-
sponse with NRC from the ErrorCode parameter. c()
[SWS_Dcm_01322] d If more than one Xxx_Indication function called, accord-
ing to [SWS_Dcm_00516], has returned E_NOT_OK and no function has returned
E_REQUEST_NOT_ACCEPTED, the DSD submodule shall trigger a negative re-
sponse using the ErrorCode parameter from the first Xxx_Indication returning
E_NOT_OK. c(SRS_Diag_04011)
[SWS_Dcm_00221] d The DSD submodule shall search for the executable functionality
of the DSP submodule for newly received diagnostic service identifier and shall call the
corresponding DSP service interpreter. c()
[SWS_Dcm_00222] d When the DSP submodule has finished the execution of the re-
quested Diagnostic Service the DSD submodule shall assemble the response. c()
The execution of the DSP service interpreter can have the results:
• positive Result or
• negative Result.
Following possible Responses can be assembled:
• positive Response,
• negative Response, or
• no Response (in the case of suppression of responses).
[SWS_Dcm_00223] d The DSD submodule shall add the response service identi-
fier and the response data stream (returned by the Application) in the parameter
"Dcm_MsgContextType". c()
[SWS_Dcm_00224] d The DSD submodule shall therefore transfer the
Dcm_MsgContextType into a (response) buffer and shall add the service identi-
fier at the first byte of the buffer. c()
[SWS_Dcm_00225] d The DSD submodule shall execute the "Initiate transmission"
functionality in the next execution step. c()
The DSP submodule can trigger the transmission of a negative response with a specific
NRC to the DSD submodule. For the allowed NRC of the executed Service ID please
refer to the specification of the service in ISO14229-1 [1] (see Section 4.2.4 Response
code parameter definition Table 12) and ISO15031-5 [2]. The DSP and the Application
have to take care of the correct use of NRC of the executed Service ID.
[SWS_Dcm_00228] d The DSD submodule shall handle all NRCs supported from the
Application and defined in Dcm_NegativeResponseCodeType. c()
[SWS_Dcm_00240] d In case the request has been fully processed by the Dcm, The
DSD submodule shall finish the processing of one Diagnostic Message of the Diagnos-
tic Service Dispatcher by calling DspInternal_DcmConfirmation(). c()
Rationale for [SWS_Dcm_00240]: The DSP submodule is waiting for the execution of
the DspInternal_DcmConfirmation() functionality. So it has to be sent, also when no
Data Confirmation is provided. Altogether this means that in any of the following cases:
• Positive Response,
• Negative Response,
• Suppressed Positive Response, and
• Suppressed Negative Response
The DSD submodule will finish by calling DspInternal_DcmConfirmation() (refer to
8.10.3 DspInternal_DcmConfirmation).
[SWS_Dcm_00741] d The DSD submodule shall call the operation Xxx_Confirmation()
on all ports using the ServiceRequestNotification interface (see configuration param-
eter DcmDsdServiceRequestManufacturerNotification and DcmDsdSer-
viceRequestSupplierNotification) c()
[SWS_Dcm_00742] d The call of Xxx_Confirmation() shall be done right after the call
of DspInternal_DcmConfirmation() c()
[SWS_Dcm_00677] d If the operation Indication() returns value
E_REQUEST_NOT_ACCEPTED, the Dcm module shall not send any diagnostic
response and shall end the current diagnostic request management. c()
[SWS_Dcm_00678] d If the operation Indication() returns value E_NOT_OK, the Dcm
module shall send a negative response with NRC value equal to ErrorCode parameter
value. c()
7.5.1 General
When receiving a function call from the DSD submodule requiring the DSP submodule
to process a diagnostic service request, the DSP always carries out following basic
process steps:
• analyze the received request message,
• check format and whether the addressed subfunction is supported,
• acquire data or execute the required function call on the DEM, SW-Cs or other
BSW modules
• assemble the response
The DSP submodule will check for appropriate message length and structure before
executing the requested command.
[SWS_Dcm_00272] d The DSP submodule shall trigger a negative response with NRC
0x13 (Incorrect message length or invalid format), when the analysis of the request
message results in formatting or length failure. c()
Note: It is up to the implementation in which detail the format check might be executed
and depends on the level of detail the diagnostic data description provides at compile
time.
[SWS_Dcm_00039] d The DSP submodule shall assemble the response message ex-
cluding response service identifier and determine the response message length. c
()
[SWS_Dcm_00038] d If the paged-buffer mechanism is used, the DSP submodule shall
determine the overall response length before any data is passed to the DSD submodule
or the DSL submodule respectively. c()
Requirement [SWS_Dcm_00038] is needed because of segmented diagnostic data
transmission on CAN using ISO15765-2 [12], which requires the provision of the over-
all length of the complete data stream in the very first CAN frame of the respective
data transmission (please refer to Section 7.3.4.9 for details about the paged-buffer
mechanism).
ErrorCode and the application sets this parameter to DCM_POS_RESP and E_NOT_OK
is returned, the Dcm shall report the runtime error DCM_E_INVALID_VALUE. c()
[SWS_Dcm_00275] d The DSP submodule shall trigger a negative response with NRC
0x31 (Request out of range), when the analysis of the request message results in other
unsupported message parameters. c()
[SWS_Dcm_00775] d The Dcm shall act as a mode manager for the diagnostic modes:
1. DcmDiagnosticSessionControl (service 0x10)
2. DcmEcuReset (partly service 0x11)
3. DcmSecurityAccess (service 0x27)
4. DcmModeRapidPowerShutDown (partly service 0x11)
5. DcmCommunicationControl_<symbolic name of ComMChannelId>. (service
0x28)
6. DcmControlDTCSetting (service 0x85)
7. DcmResponseOnEvent_<RoeEventID> (service 0x86)
8. DcmAuthenticationState_<Symbolic Name of DcmDslMainConnection>
c()
Note: The RTE/SchM will prefix the names with "MODE_", wherefore the names do
not include the MODE keyword.
[SWS_Dcm_01327] d The Dcm shall define the ModeDeclarationGroupPrototype
DcmSecurityAccess as provided-ModeGroup based on the following ModeDeclara-
tionGroup:
1 ModeDeclarationGroup DcmSecurityAccess {
2 {
3 DCM_SEC_LEV_LOCKED
4 DCM_SEC_LEV_1
5 ...
6 DCM_SEC_LEV_63
7 }
8 initialMode = DCM_SEC_LEV_LOCKED
9 };
c()
[SWS_Dcm_01328] d
1 ModeSwitchInterface SchM_Switch_<bsnp>_DcmSecurityAccess {
2 isService = true;
3 SecLevel currentMode;
4 };
c()
[SWS_Dcm_00806] d The Dcm shall define the ModeDeclarationGroupPrototype
DcmDiagnosticSessionControl as provided-ModeGroup based on the ModeDeclara-
tionGroup DcmDiagnosticSessionControl. c()
[SWS_Dcm_00777] d The Dcm shall define the ModeDeclarationGroupPrototype
DcmEcuReset as provided-ModeGroup in its Basic Software Module instance based
on the ModeDeclarationGroup DcmEcuReset. c()
[SWS_Dcm_00807] d The Dcm shall define the ModeDeclarationGroupPrototype Dcm-
ModeRapidPowerShutDown as provided-ModeGroup in its Basic Software Module in-
stance based on the ModeDeclarationGroup DcmModeRapidPowerShutDown. c()
[SWS_Dcm_00780] d The Dcm shall define for each network which is consid-
ered in the CommunicationControl service a separate ModeDeclarationGroupProto-
type DcmCommunicationControl_<symbolic name of ComMChannelId> as provided-
ModeGroup in its Basic Software Module instance based on the ModeDeclara-
tionGroup DcmCommunicationControl. c()
[SWS_Dcm_00781] d The Dcm shall define the ModeDeclarationGroupPrototype Dcm-
ControlDTCSetting as provided-ModeGroup in its Basic Software Module instance
based on the ModeDeclarationGroup DcmControlDTCSetting. c()
[SWS_Dcm_00933] d The Dcm shall define for each RoeEvent a separate ModeDec-
larationGroupPrototype DcmResponseOnEvent_<Symbolic name of RoeEventId> as
provided-ModeGroup in its Basic Software Module instance based on the ModeDecla-
rationGroup DcmResponseOnEvent. c()
The Dcm provides a state machine for each RoeEvent (see Figure 7.4). The state for
a RoeEvent is needed by SWC to activate event reporting or report the Roe status to
a Did. Therefore the Dcm provides for each state of each RoeEvent a ModeDeclara-
tionGroupPrototype which reports the current state of the state machine as mode.
[SWS_Dcm_00934] d The ModeDeclarationGroupPrototype shall represent the cur-
rent state of the ROE state machine for this RoeEvent. c()
Example 2:
1) DcmModeRule1 uses an AND combination (DcmModeCondition1 AND Dcm-
ModeRule2 AND DcmModeRule3)
a) DcmModeCondition1 is failing
–> NRC 0x22 is returned
b) DcmModeRule2 is failing
–> NRC 0x72 is returned
c) DcmModeRule3 is failing
–> NRC 0x22 is returned
d) DcmModeCondition1, DcmModeRule2 and DcmModeRule3 are failing
–> NRC 0x22 is returned
e) DcmModeCondition1 and DcmModeRule3 are failing
–> NRC 0x22 is returned
e) DcmModeRule2 and DcmModeRule3 are failing
–> NRC 0x72 is returned
7.5.1.7 Passing SwDataDefProps properties from DEXT file to the Dcm Service
SW-C
[SWS_Dcm_01412] d If a Dem function returns DEM_PENDING, the Dcm shall call this
function again at a later point in time as long as DEM_PENDING is returned. c()
[SWS_Dcm_00442] d The Dcm module shall implement the services of UDS according
to Table 7.7.c()
SID Service Subfunction Supported
0x10 DiagnosticSessionControl Supported
0x11 ECUReset Supported
0x14 ClearDiagnosticInformation Supported
0x19 ReadDTCInformation Supported
0x22 ReadDataByIdentifier Supported
0x23 ReadMemoryByAddress Supported (callout)
0x24 ReadScalingDataByIdentifier Supported
0x27 SecurityAccess Supported
0x28 CommunicationControl Supported
0x29 Authentication Supported
0x2A ReadDataByPeriodicIdentifier Supported
0x2C DynamicallyDefineDataIdentifie Supported
0x2E WriteDataByIdentifier Supported
0x2F InputOutputControlByIdentifier Supported
0x31 RoutineControl Supported
0x34 RequestDownload Supported (callout)
0x35 RequestUpload Supported (callout)
0x36 TransferData Supported
0x37 RequestTransferExit Supported
0x38 RequestFileTransfer Supported (callout)
0x3D WriteMemoryByAddress Supported (callout)
0x3E TesterPresent Supported
0x83 AccessTimingParameter NRC
"ServiceNotSupported"
0x84 SecuredDataTransmission NRC
"ServiceNotSupported"
0x85 ControlDTCSetting On, off Supported
the 2-byte ISO14229-1 DTC format, the DTCFormat parameter shall be equal to
DEM_DTC_FORMAT_UDS.
[SWS_Dcm_01160] d When the Dcm module receives a request with the DTCSever-
ityMask set to 0x00, it shall send a positive response as specified in ISO14229-1 [1]
and shall not use the Dem interface Dem_SetDTCFilter() c()
[SWS_Dcm_00835] d The Dcm shall call Dem_SetDTCFilter prior to
Dem_GetNumberOfFilteredDTC, any sequence of Dem_GetNextFilteredDTC,
any sequence of Dem_GetNextFilteredDTCAndFDC, as well as any sequence of
Dem_GetNextFilteredDTCAndSeverity. c()
[SWS_Dcm_00836] d The Dcm shall call Dem_SetFreezeFrameRecordFilter prior to
any sequence of Dem_GetNextFilteredRecord. c()
[SWS_Dcm_01127] d The Dcm module shall retrieve the DTCSeverityAvailabilityMask
by using the function Dem_GetDTCSeverityAvailabilityMask() c()
Note: The mask DTCSeverityAvailabilityMask reflects the severity bits supported by
the ECU.
[SWS_Dcm_01212] d If Dem_DisableDTCRecordUpdate() returns
DEM_WRONG_DTC, the Dcm shall send a NRC 0x31 (RequestOutOfRange). c
()
[SWS_Dcm_01213] d If Dem_DisableDTCRecordUpdate() returns
DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC 0x31 (RequestOutOfRange).
c()
[SWS_Dcm_01234] d If Dem_GetNextFilteredDTCAndSeverity() returns
DEM_NO_SUCH_ELEMENT and at least one matching element could be re-
trieved before, the Dcm shall send a positive response including these data elements.
c()
[SWS_Dcm_01235] d If Dem_GetNextFilteredDTCAndSeverity() returns
DEM_NO_SUCH_ELEMENT and no matching element could be retrieved before, the
Dcm shall send a positive response only for service, subservice and mandatory data
specified in ISO 14229-1 [1]. c()
[SWS_Dcm_01242] d If Dem_GetSizeOfExtendedDataRecordSelection() returns
DEM_WRONG_DTC, DEM_WRONG_DTCORIGIN or DEM_NO_SUCH_ELEMENT,
the Dcm shall send a NRC 0x31 (RequestOutOfRange) c()
[SWS_Dcm_01250] d If Dem_GetStatusOfDTC() returns DEM_WRONG_DTC or
DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC 0x31 (RequestOutOfRange).
c()
[SWS_Dcm_01409] d If Dem_GetStatusOfDTC() returns
DEM_NO_SUCH_ELEMENT, the Dcm shall send a positive response only for
service and subservice. c()
UDS Service 0x10 allows an external tester to enable different diagnostic sessions in
the server. A diagnostic session enables a specific set of diagnostic services and/or
functionality in the server. The service request contains the parameter:
• diagnosticSessionType
[SWS_Dcm_00250] d The Dcm module shall implement the UDS Service 0x10. c
(SRS_Diag_04006)
[SWS_Dcm_00307] d When responding to UDS Service 0x10, if the requested sub-
function value is not configured in the ECU (configuration parameter DcmDspSes-
sionLevel), the DSP submodule shall trigger a negative response with NRC 0x12
(SubFunction not supported). c()
If the requested subfunction value is configured, the following steps are processed
even if the requested session type is equal to the already running session type (see
ISO14229-1 [1] Section 9.2).
[SWS_Dcm_00311] d The send confirmation function shall set the new diagnos-
tic session type with DslInternal_SetSesCtrlType() and shall set the new timing
parameters (P2ServerMax, P2ServerMax*) (see configuration parameters DcmD-
spSessionP2ServerMax and DcmDspSessionP2StarServerMax) and do the mode
switch of the ModeDeclarationGroupPrototype DcmDiagnosticSessionControl by call-
ing SchM_Switch_<bsnp>_DcmDiagnosticSessionControl() with the new diagnostic
session type (see [SWS_Dcm_91019]). c(SRS_Diag_04015)
[SWS_Dcm_00085] d The DSP submodule shall manage internally a read ac-
cess for the dataIdentifier 0xF186 (ActiveDiagnosticSessionDataIdentifier) defined in
ISO14229-1 [1]. c()
UDS Service ECUReset (0x11) allows an external tester to request a server reset. The
service request contains parameter:
• resetType
[SWS_Dcm_00260] d The Dcm module shall implement the UDS Service ECUReset
(0x11). c()
[SWS_Dcm_00373] d On reception of a request for UDS Service 0x11 with the sub
functions other than enableRapidPowerShutDown (0x04) or disableRapidPowerShut-
Down (0x05), the Dcm module shall trigger the mode switch of ModeDeclarationGroup-
Prototype DcmEcuReset equal to the received resetType. After the mode switch is
requested the Dcm shall trigger the start of the positive response message transmis-
sion. Sub function hardReset (0x01) to HARD Sub function keyOffOnReset (0x02) to
KEYONOFF Sub function softReset (0x03) to SOFT c()
Note: By this mode switch the Dcm informs the BswM to carry out necessary actions
for the handling of this individual reset type. These actions can be configured within
the BswM action list corresponding to the requested reset type. Here the integrator can
also define if an ECU reset will finally be performed or not.
[SWS_Dcm_00594] d On the transmit confirmation (call to Dcm_TpTxConfirmation)
of the positive response, the Dcm module shall trigger the mode switch
of ModeDeclarationGroupPrototype DcmEcuReset to the mode EXECUTE (via
SchM_Switch_<bsnp>_DcmEcuReset(RTE_MODE_DcmEcuReset_EXECUTE)). c()
Note: By this mode switch the Dcm requests the BswM to perform the final processing
on the reset type according to the configured action list.
[SWS_Dcm_00818] d On reception of a request for UDS Service 0x11 with the
sub functions enableRapidPowerShutdown (0x04) or disableRapidPowerShutdown
(0x05), the Dcm module shall trigger the mode switch of ModeDeclarationGroupPro-
totype DcmRapidPowerShutDown: Sub function enableRapidPowerShutDown (0x04)
to ENABLE_RAPIDPOWERSHUTDOWN, Sub function disableRapidPowerShutDown
(0x05) to DISABLE_RAPIDPOWERSHUTDOWN c()
Note: If EnableRapidPowerShutdown is enabled, the ECU should shorten its power-
down time.
[SWS_Dcm_00589] d In case the parameter DcmDspPowerDownTime is present, the
Dcm shall set the powerDownTime in positive response to sub-service enableRapid-
PowerShutDown with value set in DcmDspPowerDownTime. c()
[SWS_Dcm_00834] d After sending the positive response of EcuReset (call of
Dcm_TpTxConfirmation) the Dcm shall ignore all further requests during reset-
processing. c()
[SWS_Dcm_CONSTR_6080] DcmDspEcuResetRow container configuration d One
container DcmDspEcuResetRow shall be configured for each DcmDsdSubService
(DcmDspEcuResetId matching to the DcmDsdSubServiceId) configured for the
UDS service ECUReset (0x11) which does not have the corresponding DcmDsdSub-
ServiceFnc parameter configured. c(SRS_Diag_04098)
• groupOfDTC.
[SWS_Dcm_00247] d The Dcm module shall implement UDS Service 0x14. c()
[SWS_Dcm_01263] d Upon reception of a UDS Service ClearDiagnosticInformation
(0x14) request with parameter groupOfDTC, the Dcm module shall call the API
Dem_SelectDTC() with the following parameter values:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
• DTC: groupOfDTC from the service request
• DTCFormat: DEM_DTC_FORMAT_UDS
• DTCOrigin: DEM_DTC_ORIGIN_PRIMARY_MEMORY
c(SRS_Diag_04058)
[SWS_Dcm_01400] d After call of Dem_SelectDTC() the Dcm shall call
Dem_GetDTCSelectionResultForClearDTC() with the following parameter value:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef.
c()
[SWS_Dcm_01265] d In case Dem_GetDTCSelectionResultForClearDTC() returns
DEM_WRONG_DTC, the Dcm shall send a NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_01268] d In case Dem_GetDTCSelectionResultForClearDTC() returns
E_OK, the Dcm module shall check if application allows to clear the DTC (according
to the configuration parameter DcmDspClearDTCCheckFnc). If not, the Dcm module
shall send a negative response with NRC set to value from the parameter "ErrorCode".
c()
[SWS_Dcm_01269] d In case application allows to clear the DTC, the Dcm module
shall check if the DTC can be cleared in the current mode condition (according to the
configuration parameter DcmDspClearDTCModeRuleRef). If not, the Dcm module
shall send the calculated negative response code of the referenced DcmModeRule. c
()
[SWS_Dcm_00005] d If the condition checks are successfully done, the Dcm module
shall call Dem_ClearDTC with the following parameter values:
• ClientId = Client Id for this Dcm instance (see DcmDemClientRef)
c(SRS_Diag_04058)
[SWS_Dcm_00705] d In case Dem_ClearDTC() returns E_OK, the Dcm module shall
send a positive response. c()
[SWS_Dcm_00707] d In case Dem_ClearDTC() returns DEM_CLEAR_FAILED, the
Dcm shall send a negative response 0x22 (conditionsNotCorrect). c()
[SWS_Dcm_00708] d In case Dem_ClearDTC() returns DEM_WRONG_DTC, the Dcm
shall send a negative response 0x31 (requestOutOfRange). c()
Service 0x19 allows a client to read the status of server resident Diagnostic Trouble
Code (DTC) information.
[SWS_Dcm_00248] d The Dcm module shall implement the UDS Service 0x19. c()
To setup the retrieval of specific data from the Dem module, the Dcm will
call different filter APIs (Dem_SetDTCFilter(), Dem_SetFreezeFrameRecordFilter(),
Dem_SelectFreezeFrameData() and Dem_SelectExtendedDataRecord()).
[SWS_Dcm_01043] d In case E_NOT_OK is returned by Dem_SetDTCFilter(), the Dcm
module shall send a negative response with NRC 0x31 (requestOutOfRange). c()
[SWS_Dcm_01334] d For all sub-functions addressing user defined fault memory,
before calling the appropriate Dem API, the Dcm shall add the value 0x0100 to
the received selection request parameter MemorySelection in order to match the
Dem_DTCOriginType. c()
UDS Service 0x19 with subfunctions 0x01, 0x11 or 0x12 requests the ECU to report
the number of DTCs matching tester-defined criteria. The service request contains the
parameter:
• DTCStatusMask
UDS Service 0x19 with subfunction 0x07 requests the ECU to report the num-
ber of DTCs matching tester-defined criteria. The service request contains the
parameters:
• DTCSeverityMask
• DTCStatusMask
Table 7.8: Subfaunction 0x01, 0x07, 0x11 and 0x12 response values
Table 7.9: Dem_SetDTCFilter() parameters values for subfunctions 0x01, 0x07, 0x11 and
0x12
UDS Service 0x19 with subfunctions 0x02, 0x0F or 0x13 requests the DTCs (and their
associated status) that match certain conditions. The service request contains the
parameter:
• DTCStatusMask
UDS Service 0x19 with subfunction 0x0A requests all supported DTCs and their associ-
ated status. UDS Service 0x19 with subfunction 0x15 requests all DTCs with permanent
status.
[SWS_Dcm_00377] d When sending a positive response to UDS Service 0x19 with
subfunction 0x02, 0x0A, 0x0F, 0x13, 0x15 or 0x17, the Dcm module shall use the data
in the response message according to Table 7.10.c()
Parameter name Value
DTCStatusAvailabilityMask DTCStatusAvailabilityMask (see [SWS_Dcm_00007])
DTCAndStatusRecord As defined in [SWS_Dcm_00008] and
[SWS_Dcm_00378]
MemorySelection (subservice 0x17 From request
only)
Table 7.10: Subfunction 0x02, 0x0A, 0x0F, 0x13, 0x15 and 0x17 eesponse values
Table 7.11: Dem_SetDTCFilter() parameters values for subfunctions 0x02, 0x0A, 0x0F,
0x13,0x15 and0x17
Note:
• The Dcm module can get an indication of the number of records that will be found
using Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
This allows the implementation to calculate the total size of the response before
cycling through the DTCs.
• The value 0x00 used as DTCStatusMask for the subfunctions 0x0A and 0x15
disables the status byte filtering in Dem_SetDTCFilter().
[SWS_Dcm_00828] d In case of paged buffer support is disabled, the Dcm module shall
not insert zero-padded DTCs to the response of UDS Service 0x19 with subfunctions
0x02, 0x0A, 0x0F, 0x13, 0x15 or 0x17. c()
When using paged buffer mechanism, in some case, it’s possible that the number of
DTC matching the filter change between the calculation of the total size, needed for
the first page transmission, and the sending of the further pages. For this reason, the
following requirement apply :
[SWS_Dcm_00587] d In case of paged buffer support is enabled, The Dcm shall limit
the response size to the size calculated when sending the first page. If more DTCs
match the filter after this sending, the additional DTCs shall not be considered. c()
[SWS_Dcm_00588] d In case of paged buffer support is enabled,The Dcm shall pad
the response with the size calculated when sending the first page. If less DTC match
the filter after this sending, the missing DTCs shall be padded with 0 value as defined
in 15031-6 [14]. c()
[SWS_Dcm_01229] d If Dem_GetNextFilteredDTC() returns
DEM_NO_SUCH_ELEMENT and at least one matching element could be re-
trieved before, the Dcm shall send a positive response including these data elements.
c()
[SWS_Dcm_01230] d If Dem_GetNextFilteredDTC() returns
DEM_NO_SUCH_ELEMENT and at no matching element could be retrieved be-
fore, the Dcm shall send a positive response only for service and subservice and
additional parameters required within a positive response. c()
UDS Service 0x19 with subfunction 0x08 requests the DTCs and the associated status
that match a tester-defined severity mask record. The service request contains the
following parameters:
• DTCSeverityMask
• DTCStatusMask
[SWS_Dcm_00379] d When sending a positive response to UDS Service 0x19 with
subfunction 0x08, the Dcm module shall use the data in the response message accord-
ing to Table 7.12.c()
Parameter name Value
DTCStatusAvailabilityMask DTCStatusAvailabilityMask (see [SWS_Dcm_00007])
DTCAndSeverityRecord As defined in [SWS_Dcm_00380]
reportDTCBySeverityMaskRecord
DTCStatusMask DTCStatusMask from request (see [SWS_Dcm_00700]
DTCFormat DEM_DTC_FORMAT_UDS
DTCOrigin PRIMARY_MEMORY
FilterWithSeverity YES
DTCSeverityMask DTCSeverityMask from request
FilterForFaultDetectionCounter NO
Note: The Dcm module can get an indication of the number of records
that will be found using Dem_GetNextFilteredDTCAndSeverity() by using
Dem_GetNumberOfFilteredDTC().
UDS Service 0x19 with subfunction 0x09 requests the severity information of a DTC.
The service request contains the parameter:
• DTCMaskRecord
[SWS_Dcm_00381] d When sending a positive response to UDS Service 0x19 with
subfunction 0x09, the Dcm module shall use the data in the response message accord-
ing to Table 7.14.c()
Parameter name Value
DTCStatusAvailabilityMask DTCStatusAvailabilityMask (see [SWS_Dcm_00007])
DTCAndSeverityRecord DTCSeverityMask: see [SWS_Dcm_01402]
DTCFunctionalUnit: see [SWS_Dcm_01403]
DTC: the given DTC of the request
statusOfDTC : see [SWS_Dcm_01404]
[SWS_Dcm_01402] d To select the DTC, the Dcm module shall call the API
Dem_SelectDTC() with the following parameter values:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
• DTC: DTC from the service request
• DTCFormat: DEM_DTC_FORMAT_UDS
• DTCOrigin: DEM_DTC_ORIGIN_PRIMARY_MEMORY
c()
[SWS_Dcm_01403] d To retrieve the DTCSeverityMask of the selected DTC, the Dcm
shall call Dem_GetSeverityOfDTC() with the following parameter value:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
c()
[SWS_Dcm_01404] d To retrieve the DTCFunctionalUnit of the selected DTC, the Dcm
shall call Dem_GetFunctionalUnitOfDTC() with the following parameter value:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
c()
[SWS_Dcm_01405] d To retrieve the statusOfDTC of the selected DTC, the Dcm shall
call Dem_GetStatusOfDTC() with the following parameter value:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
c()
[SWS_Dcm_01226] d If Dem_GetFunctionalUnitOfDTC() returns
DEM_WRONG_DTC or DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC
0x31 (requestOutOfRange). c()
[SWS_Dcm_01240] d If Dem_GetSeverityOfDTC() returns DEM_WRONG_DTC, the
Dcm shall send a NRC 0x31 (requestOutOfRange) c()
[SWS_Dcm_01406] d If Dem_GetStatusOfDTC() returns DEM_WRONG_DTC or
DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC 0x31 (requestOutOfRange).
c()
The UDS Service 0x19 with subfunction 0x06, 0x10 or 0x19 requests a specific Ex-
tended Data Records for a specific DTC. The service request contains the parameters:
• DTCMaskRecord
• DTCExtendedDataRecordNumber
[SWS_Dcm_01547] d On reception of the UDS Service ReadDTCInformation (0x19)
with sub-function reportUserDefMemoryDTCExtDataRecordByDTCNumber (0x19),
the Dcm shall check if the access to the selected user defined memory in parame-
ter MemorySelection is authenticated and read the DTC information only if:
• a DcmDspReadDTCInformationUserDefinedFaultMemoryRole is configured
with DcmDspReadDTCInformationUserDefinedFaultMemoryRoleId matching the
MemorySelection and the verification according to [SWS_Dcm_01522] was suc-
cessful or
• the active white list on that connection has for that requested user defined mem-
ory selection one entry.
c()
Table 7.15: Dem_SelectDTC() parameters values for subfunctions 0x06, 0x10 and 0x19
As required in [SWS_Dcm_00371], the Dcm module shall obtain the size of the ex-
tended data record by using Dem_GetSizeOfExtendedDataRecordSelection().
UDS Service 0x19 with subfunction 0x03 allows an external tester to request the corre-
sponding DTCs for all FreezeFrame records present in an ECU.
[SWS_Dcm_00300] d When sending a positive response to UDS Service 0x19 with
subfunction 0x03, the Dcm module shall use the data in the response message accord-
ing to Table 7.17. c()
Parameter name Value
DTCRecord / DTCSnapshotRecord- As defined in [SWS_Dcm_00299]
Number
Using UDS Service 0x19 with subfunction 0x04 or 0x18, an external tester can request
FreezeFrame information for one or all FreezeFrames of a specific DTC. The service
request contains parameters:
• DTCMaskRecord
• DTCSnapshotRecordNumber
The subfunction 0x18 has an additional MemorySelection.
UDS Service 0x19 with subfunction 0x05 allows an external tester to request Freeze-
Frame information for a specific FreezeFrame record number. The service request
contains parameter:
• DTCStoredDataRecordNumber
Due to Dem limitation, the diagnostic service $19 05 is limited to the OBD legislative
freeze frame.
[SWS_Dcm_00632] d On reception of service 0x19 with subfunction 0x05, if the record
number of the diagnostic request is different from 0x00, the Dcm module shall send a
negative response with NRC 0x31 (request out of range). c()
[SWS_Dcm_00574] d When sending a positive response to UDS Service 0x19 with
subfunction 0x05 and DTCStoredDataRecordNumber is 0x00, the Dcm module shall
use the data in the response message according to Table 7.19. c()
Parameter name Value
DTCStoredDataRecordNumber DTCStoredDataRecordNumber from request (0x00)
DTCAndStatusRecord DTC according to [SWS_Dcm_01193], statusOfDTC
according to [SWS_Dcm_00389]
DTCStoredDataRecordNumberOfIden- As defined in [SWS_Dcm_00388]
tifiers / DTCStoredDataRecord
An external test tool can request the first occurred or most recent failed or confirmed
DTC and associated status, by sending the UDS Service request 0x19 including one of
the following sub-functions 0x0B, 0x0C, 0x0D, 0x0E
[SWS_Dcm_00392] d When sending a positive response to UDS Service 0x19 with
subfunction 0x0B, 0x0C, 0x0D or 0x0E, the Dcm module shall use the data in the re-
sponse message according to Table 7.20.c()
Parameter name Value
DTCStatusAvailabilityMask DTCStatusAvailabilityMask (see [SWS_Dcm_00007])
DTCAndStatusRecord The DTC is obtained according to [SWS_Dcm_00466], the
StatusOfDtc is obtained according to [SWS_Dcm_00393]
Table 7.20: Subfunctions 0x0B, 0x0C, 0x0D and 0x0E response values
[SWS_Dcm_00393] d For the purpose of responding to UDS Service 0x19 with sub-
functions 0x0B, 0x0C, 0x0D or 0x0E, the Dcm module shall obtain the StatusOfDtc by
calling Dem_GetStatusOfDTC() with the following parameter values:
• ClientId :Client Id for this Dcm instance (see DcmDemClientRef
An external test tool may request an ECU to report the FaultDetectionCounter for all
DTCs with a "Prefailed" status, by sending a UDS Service request 0x19 with subfunction
0x14.
[SWS_Dcm_00464] d When sending a positive response to UDS Service 0x19 with
subfunction 0x14, the Dcm module shall use the data in the response message accord-
ing to Table 7.22.c()
Parameter name Value
DTC The DTC is obtained according from the call to
Dem_GetNextFilteredDTCAndFDC()
DTCFaultDetectionCounter The DTCFaultDetectionCounter is obtained according
from the call to Dem_GetNextFilteredDTCAndFDC()
UDS Service 0x19 with subfunction 0x42 requests WWH OBD DTCs matching a DTC
status mask a severity mask record. The service request contains the following pa-
rameters:
• FunctionalGroupIdentifier
• DTCSeverityMask
• DTCStatusMask
[SWS_Dcm_01128] d The Dcm shall reject request messages for subFunction 0x42
with FunctionalGroupIdentifier unequal to 0x33 by returning NRC 0x31 (requestOut-
OfRange) c()
[SWS_Dcm_01129] d When sending a positive response to UDS Service 0x19 with
subfunction 0x42, the Dcm module shall use the data in the response message accord-
ing to Table 7.24.c()
Parameter name Value
FunctionalGroupIdentifier 0x33
DTCStatusAvailabilityMask Dem_GetDTCStatusAvailabilityMask (see
[SWS_Dcm_00007] )
DTCSeverityAvailabilityMask Dem_GetDTCSeverityAvailabilityMask (see
[SWS_Dcm_01127])
DTCFormatIdentifier Dem_GetTranslationType (limited to values 0x04 and
0x02)
DTCAndSeverityRecord As defined in [SWS_Dcm_01130]
Note: The Dcm module can get an indication of the number of records
that will be found using Dem_GetNextFilteredDTCAndSeverity() by using
Dem_GetNumberOfFilteredDTC().
With UDS Service 0x19 with sub-function 0x55 a client can retrieve a list of WWH-OBD
DTCs with the "permanent DTC" status. The service request contains the following
parameter:
• FunctionalGroupIdentifier
[SWS_Dcm_01343] d The Dcm shall only process request messages for sub-function
0x55 with FunctionalGroupIdentifier equal to 0x33. c()
[SWS_Dcm_01344] d The Dcm shall reject request messages for sub-function 0x55
with FunctionalGroupIdentifier unequal to 0x33 by returning NRC 0x31 (RequestOut-
OfRange). c()
[SWS_Dcm_01345] d When sending a positive response to UDS Service 0x19 with
sub-function 0x55, the Dcm module shall use the following data in the response mes-
sage according to Table 7.27. c()
Parameter name Value
FunctionalGroupIdentifier 0x33
DTCStatusAvailabilityMask Dem_GetDTCStatusAvailabilityMask (see
[SWS_Dcm_00007] )
DTCFormatIdentifier Dem_GetTranslationType (limited to values 0x04 and
0x02)
DTCAndStatusRecord As returned by Dem_GetNextFilteredDTC()
Note : When responding to UDS Service 0x19 with sub-function 0x55, the
Dcm module could obtain the DTCAndStatusRecords by repeatedly calling
Dem_GetNextFilteredDTC() after having configured the filter with Dem_SetDTCFilter()
using the parameter values according to Table 7.28.
Parameter name Value
ClientId See DcmDemClientRef
DTCStatusMask 0x00
DTCFormat DEM_DTC_FORMAT_UDS
DTCOrigin DEM_DTC_ORIGIN_PERMANENT_MEMORY
FilterWithSeverity NO
DTCSeverityMask Not relevant
FilterForFaultDetectionCounter NO
The Dcm module can get an indication of the number of records that will be found using
Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
[SWS_Dcm_01346] d When responding to UDS Service 0x19 with sub-function
0x55 and Dem_GetTranslationType returns a Dem_DTCTranslationFormatType
different to 0x02 (DEM_DTC_TRANSLATION_SAEJ1939_73) or 0x04
(DEM_DTC_TRANSLATION_J2012DA_FORMAT_04), the Dcm module shall re-
turn NRC 0x10 (generalReject). c()
[SWS_Dcm_00253] d The Dcm module shall implement the UDS Service ReadDataByI-
dentifier (0x22) c()
[SWS_Dcm_01335] d On reception of the UDS Service ReadDataByIdentifier (0x22), if
the number of requested DID exceeds the configured maximum number of data identi-
fiers (refer to configuration parameter DcmDspMaxDidToRead), the Dcm module shall
send NRC 0x13 (Incorrect message length or invalid format) c()
With UDS Service 0x22, the tester can request the value of one or more DIDs.
[SWS_Dcm_01548] d On reception of the UDS Service ReadDataByIdentifier (0x22),
the Dcm shall check if the access to all requested DIDs outside the range 0xF200-
0xF8FF is authenticated and read the data identifiers only if:
• a DcmDspDidReadRole is configured for that DID and the verification according
to [SWS_Dcm_01522] was successful or
• the active white list on that connection has for each requested DID one entry with
read access that matches that DID.
c()
[SWS_Dcm_01549] d On reception of the UDS Service ReadDataByIdentifier (0x22),
the Dcm shall check for all requested DIDs inside the range 0xF200-0xF3FF if the
content is based of DIDs or parts of DIDs that are authenticated and read the data
identifiers only if:
• a DcmDspDidReadRole is configured for those DIDs and the verification accord-
ing to [SWS_Dcm_01522] was successful or
• the active white list on that connection has for each requested DID one entry with
read access that matches those DIDs.
c()
c()
[SWS_Dcm_01385] d If the DID dataRecord has bytes, not defined by any data ele-
ment, the Dcm shall fill these bytes with the value 0x00. c()
[SWS_Dcm_01431] d If the configuration parameter DcmDspDidSize is configured,
the Dcm shall enforce the DID data to have the configured size. c()
[SWS_Dcm_00258] d The Dcm module shall implement the UDS Service ReadScaling-
DataByIdentifier (0x24) c()
To obtain scaling information, the tester can invoke UDS Service 0x24 with the 2-byte
DID as parameter. The configuration of the Dcm contains for each configured DID:
• The 2-byte DID (see configuration parameter DcmDspDidIdentifier)
• For every data of the DID :
• The function GetScalingInformation (see configuration parameters DcmDsp-
DataGetScalingInfoFnc and DcmDspDataUsePort)
• The length of the ScalingInfo returned by the GetScalingInformation function (see
configuration parameter DcmDspDataScalingInfoSize)
[SWS_Dcm_00394] d On reception of a request for UDS Service ReadScalingByIden-
tifier, the Dcm module shall call every function Xxx_GetScalingInformation() configured
for everay data of the DID received in the request and return the data received in the
response c()
[SWS_Dcm_CONSTR_6060] Dependency for DcmDspDataGetScalingInfoFnc
d DcmDspDataGetScalingInfoFnc shall be only present if:
[SWS_Dcm_00252] d The Dcm module shall implement the UDS Service SecurityAc-
cess (0x27) c(SRS_Diag_04005)
The purpose of this service is to provide a means to access data and/or diagnostic
services, which have restricted access for security, emissions, or safety reasons.
[SWS_Dcm_00321] d If the request length is correct, the DSP submodule shall check
if the requested subfunction value (access type) is configured in the ECU (see con-
figuration parameter DcmDspSecurityLevel). If the requested subfunction value is
not configured, the DSP submodule shall trigger a negative response with NRC 0x12
(SubFunction not supported). c()
[SWS_Dcm_00323] d If the requested subfunction value is configured and a service
with subfunction type "requestSeed "(= odd value) has been received and if the re-
quested access type is already active (see Dcm_GetSecurityLevel), the DSP sub-
module shall set the seed content to 0x00. c()
[SWS_Dcm_00324] d In the other case than the one described in [SWS_Dcm_00323]
(access type is not active or "send key" request), if DcmDspSecurityUsePort is
set to USE_ASYNCH_CLIENT_SERVER, the DSP submodule shall call the configured
operation Xxx_GetSeed() (in case "request seed" is received) or Xxx_CompareKey()
(in case "send key" is received). c()
[SWS_Dcm_00862] d On reception of the UDS Service SecurityAccess (0x27)
with subfunction type "requestSeed" and if the requested access type is not al-
ready active, the Dcm module shall request a seed by calling the configured
Xxx_GetSeed() function (if the configuration parameter DcmDspSecurityUsePort
is set to USE_ASYNCH_FNC, refer to configuration parameter DcmDspSecurityGet-
SeedFnc). c()
Note : If the static seed mechanism is used, the processing needs to be done by the
application implementing the Xxx_GetSeed() and Xxx_CompareKey() functions.
[SWS_Dcm_CONSTR_6077] Dependency for DcmDspSecurityGetSeedFnc d
DcmDspSecurityGetSeedFnc shall be present only if DcmDspSecurityUsePort
is set to USE_ASYNCH_FNC. c()
[SWS_Dcm_00863] d On reception of the UDS Service SecurityAccess (0x27) with
subfunction type "sendKey", if the requested access type is not already active and
if the "request seed" for the related access type was executed successfully, the
Dcm module shall request the result of a key comparison by calling the configured
Xxx_CompareKey() function (if the configuration parameter DcmDspSecurityUse-
Port is set to USE_ASYNCH_FNC, refer to configuration parameter DcmDspSecuri-
tyCompareKeyFnc). c()
[SWS_Dcm_CONSTR_6075] Dependency for DcmDspSecurityCompareKeyFnc
d DcmDspSecurityCompareKeyFnc shall be configured only if DcmDspSecuri-
tyUsePort is set to USE_ASYNCH_FNC. c()
The following list gives as an example, which errors can be detected by the security
access service and stored in the error code information:
• RequestSequenceError (NRC 0x24), when invalid access type is send at "send
key",
• RequiredTimeDelayNotExpired (NRC 0x37), when time delay is active (see con-
figuration parameter DcmDspSecurityDelayTime),
• ExceededNumberOfAttempts (NRC 0x36), when number of attempts to get secu-
rity access reaches or exceeds the configured limit (see configuration parameter
DcmDspSecurityNumAttDelay), and
• InvalidKey (NRC 0x35), when invalid key is send at "send key".
[SWS_Dcm_00325] d If the operation CompareKey() returns E_OK, the DSP submod-
ule shall set the new access type with DslInternal_SetSecurityLevel()(see the conver-
sion formula given in ECUC_Dcm_00754 DcmDspSecurityLevel). c()
[SWS_Dcm_01397] d If Xxx_CompareKey() returns value
DCM_E_COMPARE_KEY_FAILED and DcmDspSecurityNumAttDelay is con-
figured, the Dcm shall increment the attempt counter of the security level for which the
sendKey subfunction request failed. c(SRS_Diag_04005)
[SWS_Dcm_00660] d If Xxx_CompareKey() returns value
DCM_E_COMPARE_KEY_FAILED and if the number of failed attempts to enter
the requested security level (AttemptCounter) is less than the value configured for
the DcmDspSecurityNumAttDelay parameter of the requested security level, the
Dcm module shall send a negative response with NRC 0x35 (InvalidKey) and shall not
change the Dcm internal security level. Note: if DcmDspSecurityNumAttDelay
parameter is not configured, the number of failed attempts to enter the requested
security level (AttemptCounter) is not considered. c()
[SWS_Dcm_01349] d If Xxx_CompareKey() returns value
DCM_E_COMPARE_KEY_FAILED and if the number of failed attempts to enter
the requested security level (AttemptCounter) is greater or equal than the value con-
figured for the DcmDspSecurityNumAttDelay parameter of the requested security
level, the Dcm module shall start the SecurityDelayTimer with the value configured in
DcmDspSecurityDelayTime for the SecurityLevel which was requested in the failed
request, send a negative response with NRC 0x36 (exceededNumberOfAttempts) and
shall not change the Dcm internal security level. c()
c()
[SWS_Dcm_00786] d On invocation of the sent confirmation function of the UDS Ser-
vice CommunicationControl (0x28) from DSD with the subnet parameter of the request
between 0x01 and 0x0E, the Dcm shall check if the received subnet parameter (see
DcmDspSubnetNumber) is supported. In case it is not supported a NegativeResponse
code 0x31 shall be sent. In case it is supported the Dcm shall do for the correspond-
ing NetworkHandle (see DcmDspSpecificComMChannelRef) of the received subnet
parameter (see DcmDspSubnetNumber):
1. trigger the mode switch Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype to the mode corresponding the communicationType and con-
trolType parameter from the CommunicationControl request.
2. call the Api BswM_Dcm_CommunicationMode_CurrentState the parameters Net-
workHandleType and with Dcm_CommunicationModeType corresponding the
communicationType and controlType parameter from the CommunicationControl
request (see Dcm_CommunicationModeType definition)
c()
For some use-cases the Dcm may re-enable the CommunicationControl due to external
changed mode conditions:
[SWS_Dcm_00753] d In case that the referenced ModeRule (see ECUC_Dcm_00943)
is not fulfilled anymore for a NetworkHandle which is currently in a state other than
DCM_ENABLE_RX_TX_NORM_NM, the Dcm shall:
1. switch the mode group Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype toDCM_ENABLE_RX_TX_NORM_NM
2. call BswM_Dcm_CommunicationMode_CurrentState with the parameters Net-
workHandleType set to the corresponding NetworkHandle of the network and
RequestedCommunicationMode set to DCM_ENABLE_RX_TX_NORM_NM
c()
[SWS_Dcm_00860] d For a NetworkHandle which is currently in a state other than
DCM_ENABLE_RX_TX_NORM_NM if the Dcm is transitioning to default session or
upon any diagnostic session change where the new session does not support UDS
Service CommunicationControl anymore, the Dcm shall:
1. switch the mode group Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype to DCM_ENABLE_RX_TX_NORM_NM
2. call BswM_Dcm_CommunicationMode_CurrentState with the parameters Net-
workHandleType set to the corresponding NetworkHandle of the network and
RequestedCommunicationMode set to DCM_ENABLE_RX_TX_NORM_NM
c()
Note: the NetworkHandles to be considered are all ComM channels which are refer-
enced from either DcmDspSpecificComMChannelRef, DcmDspAllComMChannel-
Ref or DcmDspComControlSubNodeComMChannelRef.
[SWS_Dcm_01077] d If a CommunicationControl Request with the sub-function "en-
ableRxAndDisableTxWithEnhancedAddressInformation" is received, the Dcm shall
check the "nodeIdentification-Number" listed as DcmDspComControlSubNodeId and
for the referenced network (see DcmDspComControlSubNodeComMChannelRef ), it
shall do the followings:
1. trigger the mode switch Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype to the mode corresponding the communicationType and con-
trolType parameter from the CommunicationControl request.
2. call the Api BswM_Dcm_CommunicationMode_CurrentState with the parameters
NetworkHandleType and Dcm_CommunicationModeType corresponding to the
communicationType and controlType parameter from the CommunicationControl
request (see Dcm_CommunicationModeType definition).
The analogue controlType enableRxAndDisableTx shall be used with the the following
existing Dcm_CommunicationModeType values:
• DCM_ENABLE_RX_DISABLE_TX_NORM
• DCM_ENABLE_RX_DISABLE_TX_NM
• DCM_ENABLE_RX_DISABLE_TX_NORM_NM.
c()
[SWS_Dcm_01078] d The Dcm shall trigger a negative response with NRC 0x31
(RequestOutOfRange), if a CommunicationControl Request with the sub-function
"enableRxAndDisableTxWithEnhancedAddressInformation" and a "nodeIdentification-
Number" which is not listed as DcmDspComControlSubNodeId is received. c()
[SWS_Dcm_01079] d If a CommunicationControl Request with the sub-function "en-
ableRxAndTxWithEnhancedAddressInformation" is received, the Dcm shall check the
"nodeIdentification-Number" listed as DcmDspComControlSubNodeId and for the
referenced network (see DcmDspComControlSubNodeComMChannelRef ) it shall
do the followings:
1. trigger the mode switch Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype to the mode corresponding the communicationType and con-
trolType parameter from the CommunicationControl request.
2. call the Api BswM_Dcm_CommunicationMode_CurrentState with the parameters
NetworkHandleType and Dcm_CommunicationModeType corresponding to the
communicationType and controlType parameter from the CommunicationControl
request (see Dcm_CommunicationModeType definition).
The analogue controlType enableRxAndTx shall be used with this the following existing
Dcm_CommunicationType values :
• DCM_ENABLE_RX_TX_NORM
• DCM_ENABLE_RX_TX_NM
• DCM_ENABLE_RX_TX_NORM_NM.
c()
[SWS_Dcm_01080] d The Dcm shall trigger a negative response with NRC 0x31 (Re-
questOutOfRange), if a CommunicationControl Request with the sub-function "en-
ableRxAndTxWithEnhancedAddressInformation" and a "nodeIdentification-Number"
which is not listed as DcmDspComControlSubNodeId is received. c()
[SWS_Dcm_01081] d If DcmDspComControlSubNodeUsed is set to FALSE the sub-
system (DcmDspComControlSubNode) is not available in this configuration. c()
[SWS_Dcm_01082] d If DcmDspComControlSubNodeUsed is set to TRUE the sub-
system (DcmDspComControlSubNode) is available in this configuration. c()
Note : Condition checks (i.e. NRC 22 checks) on CommunicationType and NetworkType
as well as check of CommunicationType support (i.e. NRC 0x31 check for Communi-
cationType) are not directly supported by the Dcm. Supplier/manufacturer notifications
can be used.
The UDS service Authentication (0x29) is used to provide dynamic means to control
the access to diagnostic services. Execution of certain diagnostic services might have
impact on safety, emissions or the vehicle. Controlling the access to diagnostic ser-
vices via certificates provide means to control the access to diagnostic services after
production. The access to these resources can be limited in time or bound to certain
vehicles or ECUs only. AUTOSAR Dcm provides an out of the box solution for authen-
ticated diagnostics with a given semantics of the UDS service Authentication. Even
ISO 14229-1 [x] leaves more freedom, the Dcm will use only the functionality specified
in this chapter. Further interpretations, certificate types or certificate content are out
of scope of the AUTOSAR Dcm module. At the point of time this specification was de-
veloped, only the DIS (Draft International Standard) of ISO 14299-1:2018 is available.
Unless the official international standard ISO 14299-1:2018 is released, AUTOSAR will
implement a solution based on this not public available draft.
InfotypeServices ServiceRequestNotification
SecurityAccess RoutineServices
«abswRequires» «abswRequires»
«abswRequires»
DataServices «abswRequires» CallbackDCMRequestServices
«abswRequires»
Dem
«realize» «optional»
Dem_DcmReadDataOfOBDFreezeFrame «realize»
Dcm_MainFunction
«realize»
Dcm_Init NvM
«realize»
«optional» NvM_WriteBlock
«optional»
IoHwAb
«realize»
IoHwAb_Dcm «realize» «realize» «mandatory»
BswM
«realize» «optional»
BswM_Dcm_ApplicationUpdated
PduR ComM
[SWS_Dcm_01559] d The Dcm shall implement the UDS service Authentication (0x29)
for sub-functions:
• deAuthenticate
• verifyCertificateUnidirectional
• verifyCertificateBidirectional
• proofOfOwnership
• authenticationConfiguration
c(SRS_Diag_04215)
Note: AUTOSAR Dcm only implements the authentication via PKI certificated ex-
change. Authentication with challenge-response (ACR) is out of scope of AUTOSAR.
If it is required it needs a full custom implementation using existing Dcm callouts for
custom service processing.
[SWS_Dcm_01551] d The Dcm shall follow the NRC handling as defined for ISO
14229-1:2018 for UDS service authentication. This includes the NRC codes as well
as the order of individual NRC checks. c(SRS_Diag_04215)
[SWS_Dcm_CONSTR_6091] d The presence of a DcmDsdService with DcmDsd-
SidTabServiceId set to 0x29, requires a configured container DcmDspAuthentication
on DcmDsp. c()
[SWS_Dcm_CONSTR_6092] d The presence of a DcmDsdService with DcmDsd-
SidTabServiceId set to 0x29, requires a configured DcmDspAuthenticationConnection
per configured connection DcmDslConnection. c()
[SWS_Dcm_CONSTR_6093] d Each DcmDspAuthenticationConnection shall refer a
different DcmDslMainConnection by the reference in DcmDspAuthenticationConnec-
tionMainConnectionRef. c()
The Dcm is using the Csm and KeyM for certificate management. Parsing the certifi-
cate is a potential time-consuming operation and needs to be executed asynchronous.
There are opinions that security shall not reveal any cause of failed authentication and
thus have no dedicated NRCs for different certificate failures. To respect this use case
the Dcm provides a general security NRC handling.
[SWS_Dcm_01560] d If the mode referenced by DcmDspAuthenticationGeneralNRC-
ModeRuleRef evaluates to true, the Dcm shall send the NRC code given in DcmDspAu-
thenticationGeneralNRC instead of the specific NRC codes in all situation where a
Certificate verification failed - NRC is returned. c(SRS_Diag_04215)
[SWS_Dcm_CONSTR_6094] d If DcmDspAuthenticationGeneralNRCModeRuleRef is
configured the parameter DcmDspAuthenticationGeneralNRC shall also be configured.
c()
7.5.2.10.1 De-authentication
The de-authenticate sub-function shall be always available if service 0x29 is used. This
service set the authentication state to deauthenticated for the diagnostic connection the
request was received on.
[SWS_Dcm_CONSTR_6095] d The presence of a DcmDsdService with DcmDsd-
SidTabServiceId set to 0x29, requires a DcmDsdSubService on this DcmDsdService
with DcmDsdSubServiceId set to deAuthenticate. c()
[SWS_Dcm_01561] d On reception of an Authentication (0x29) service with sub-
function equal to de-authenticate, the Dcm shall set the authentication state to deau-
thenticated on the connection the Dcm has received that request. c(SRS_Diag_04215)
certificate from the service request within the KeyM module. The following parameter
values shall be used:
• CertificateId = DcmDspAuthenticationConnectionCertificateRef ->
KeyMCertificate.KeyMCertificateId
• certificateDataPtr.certData = Pointer to certificateClient from Request
• certificateDataPtr.certDataLength = lengthOfCertificateClient from Request
c()
Diagnostic certificate configuration is a task that is mainly executed in the Csm and
KeyM modules. The Dcm provides an abstraction from these modules and only keeps
symbolic references to containers that keep the information. Please take attention
while configuring the Csm and KeyM ’in spirit of Dcm certificates’.
[SWS_Dcm_01464] Invalid certificate size failure d If the API KeyM_SetCertificate
returns KEYM_E_SIZE_MISMATCH, the Dcm shall return the NRC 0x13 (incorrectMes-
sageLengthOrInvalidFormat). c()
[SWS_Dcm_01465] Behavior on busy crypto operation d If any of the Csm or KeyM
APIs called by the Dcm is returning CRYPTO_E_BUSY or KEYM_E_BUSY, the Dcm
shall return the NRC 0x21 (busyRepeat). c()
[SWS_Dcm_01466] Csm APIs returning failure code behavior d Throughout this
chapter the Csm or KeyM are used to process the authentication requests. These
APIs have return values for failures. Unless there is no dedicated requirement for a
given return value and if the return value is different to E_OK, the Dcm shall return a
NRC 0x10 ’GeneralReject’. c()
The cryptographic operations have potential long execution times and are called asyn-
chronously.
[SWS_Dcm_01467] Asynchronous certificate operation handling d For all asyn-
chronous Csm or KeyM operations, the Dcm shall wait until the callback has been
called, indicating a successful job termination. If the result (e.g. KeyM_ResultType) is
E_OK, the Dcm shall continue to process the 0x29 request, if the result is different to
E_OK, the Dcm shall skip the further processing and return a negative response with
NRC ’GeneralReject’. c()
Parse and Verify certificate in Csm
[SWS_Dcm_01468] Verifying client certificate d After the Dcm has set the certifi-
cate according to [SWS_Dcm_01463], the Dcm shall verify the certificate by calling
KeyM_VerifyCertificate with the following parameters:
• CertificateId = DcmDspAuthenticationConnectionCertificateRef ->
KeyMMCertificate.KeyMCertificateId
c()
failed or no such sub-function was processed yet, the Dcm shall send the negative
response ’requestSequenceError’. The connection shall remain in de-authenticated
state. c()
[SWS_Dcm_01510] Proof of ownership message length check d On reception of an
Authentication (0x29) service with sub-function equal to proofOfOwnership, the Dcm
shall verify that the message length fits to the size given in the parameters length-
OfProofOfOwnershipClient and lengthOfEphemeralPublicKeyClient and return a NRC
0x13 if the size does not match. c()
[SWS_Dcm_01511] Client proof of ownership verification d On reception of an
Authentication (0x29) service with sub-function equal to proofOfOwnership, the Dcm
shall verify the client’s proof of ownership data provide in the request by calling
Csm_SignatureVerify with the following in-parameters:
jobId: DcmDspAuthenticationVerifyProofOfOwnerShipClientJobRef ->
CsmJob.CsmJobId
mode: set to CRYPTO_OPERATIONMODE_SINGLECALL
dataPtr: challenge generated [SWS_Dcm_01493]
dataLength: length of the challenge generated in [SWS_Dcm_01493]
signaturePtr: proofOfOwnerShipClient from request
signatureLength: lengthOfProofOfOwnerShipClient from request
c()
[SWS_Dcm_01512] Failed ownership verification d If the result of
Csm_SignatureVerify from [SWS_Dcm_01511] is Crypto_VerifyResultType equal
to CRYPTO_E_VER_NOT_OK, the Dcm shall send a negative response with NRC
’Ownership verification failed’. c()
[SWS_Dcm_01513] SessionKey support d Upon sending a positive response for an
authentication request with sub-function equal to proofOfOwnership, the Dcm shall:
• set all bytes of lengthOfSessionKeyInfo to 0x00
• omit the sessionKeyInfo
c()
Set current role
[SWS_Dcm_01514] Update the current role d If the proof of ownership verification
in [SWS_Dcm_01511] was successful and resulted in CRYPTO_E_VER_OK, the Dcm
shall use the value read from the certificate extension DcmDspAuthentication-
RoleElementRef as new role for the current authenticated state. c()
[SWS_Dcm_01515] Role size check d If the size of the read role information in
[SWS_Dcm_01514] is different than the size in DcmDspAuthenticationRoleSize,
the Dcm shall send a negative response with NRC ’Certificate verification failed - Invalid
Content’. c()
Set white list
The roles transmitted inside the certificates are used to assign a tester on one con-
nection one or more roles. A single role itself is presented by a certain bit within the
bitfield representation of the role. Within the Dcm there is static role assignment to each
diagnostic service. A service can be executed if at least one role (bit) assigned to a
service matches a role (bit) in the certificate.
[SWS_Dcm_CONSTR_6088] Supported role sizes d The parameter DcmDspAu-
thenticationRoleSize defines the size in bytes used in both, certificates and ECU
internal static role configuration. All role parameters (e.g. DcmDspServiceRole) shall
have values that would fit in the amount of bytes given by DcmDspAuthentication-
RoleSize. c()
[SWS_Dcm_01521] Integer interpretation of roles in certificates d The Dcm shall
interpret all configured role integer values in the little endian format. c()
[SWS_Dcm_01522] Role verification d Upon each role verification, the Dcm shall
make a bitwise ’and’ operation on the role provided in the certificate for that connection
and the role assigned to the service. If the result is greater than 0, the Dcm shall treat
the service as allowed to be executed. c()
[SWS_Dcm_01523] Failed role verification d Upon each role verification, the Dcm
shall make a bitwise ’and’ operation on the role provided in the certificate for that con-
nection and the role assigned to the service. If the result is equal to 0, the Dcm shall
stop the processing of that service and send a negative response ’authenticationRe-
quired’. c()
An example of roles in certificates and services with assigned certificates is given in
Figure 7.10. The provided certificate uses 1 byte for roles, with 5 role definitions in.
The certificate will grant the tester rights for the roles ’AfterSales’ and ’ExtendedUser’.
With that certificate, the tester can execute the services that have the corresponding
permissions to be executed in that roles. In that example, the service 0x28 and 0x11
01 are both allowed to be executed. The routine with identifier 0x5678 is only allowed
to be executed in role ’production’, the Dcm will deny the execution with NRC ’authenti-
cationRequired’.
Besides the use of roles, the certificates can get extended with optional white lists
for service execution. This allows the issuer of the certificate to extend the range of
allowed services without updating the access lists in the ECU.
The white list is build out of the following elements:
• List of allowed services, 1-4 byte each
• List of allowed data identifiers (DID) and access information, 3 byte each
• List of allowed routine identifiers (RID) and access information, 3 byte each
• List of allowed user defined fault memories, 1 byte each
Parsing and access to the different elements of the white lists is done by
invoking KeyM_CertElementGetFirst and KeyM_CertElementGetNext according to
[SWS_Dcm_01517].
[SWS_Dcm_01524] White list for services definition d The white list for services is
a set of values, each consisting of up to 4 bytes. Each value itself contains the first
bytes of a diagnostic service that is allowed be executed. c()
Example:
In the following example, a white list section within a certificate is shown. It contains 5
additional services that can be executed:
1 ...
2 SEQUENCE (1 elem)
3 SEQUENCE (2 elem)
4 OBJECT IDENTIFIER 3.9.3.345.3.1.3453.24.3.9.355.73
5 SET (6 elem)
6 OCTET STRING (1 byte) 85
7 OCTET STRING (2 byte) 1101
8 OCTET STRING (3 byte) 22123A
9 OCTET STRING (3 byte) 2E123A
10 OCTET STRING (4 byte) 310113F4
11 SEQUENCE (3 elem) ....
shall contain in the first two bytes the DID number and in the third byte the following
access definitions:
• Bit 0: Read access
• Bit1: Write access
• Bit2: Control access (by InputOutputControlByIdentifier)
A bit value of 0 means that the operation is forbidden, a bit value of 1 means that the
operation is allowed. All not used bits (3-7) shall be set to zero.
DID numbers are always in big endian format (MSB first). c()
Example:
DID read operations are performed from various UDS services. Dcm checks on each
DID read the access to that DID.
[SWS_Dcm_01526] White list definition for RIDs d The white list for RIDs defines
the set of routine identifiers that have access to the sub-functions startRoutine, sto-
pRoutine and requestRoutineResult. Each entry shall contain in the first two bytes the
RID number and in the third byte the following access definitions:
• Bit 0: Access to sub-function ’startRoutine’
• Bit1: Access to sub-function ’stopRoutine’
• Bit2: Access to sub-function ’requestRoutineResult’
A bit value of 0 means that the sub-function is forbidden, a bit value of 1 means that
the sub-function is allowed. All not used bits (3-7) shall be set to zero.
RID numbers are always in big endian format (MSB first). c()
Example:
[SWS_Dcm_01527] White list definition for MemorySelection d The white list mem-
ory selection is used for the UDS service 0x19 with sub-functions 0x17, 0x18 and 0x19.
The value in the white list defines the accepted parameter values for MemorySelection
in the UDS request. c()
7.5.2.10.6 AuthenticationConfiguration
[SWS_Dcm_00254] d The DSP submodule shall implement the UDS Service Read-
DataByPeriodicIdentifier (0x2A) c(SRS_Diag_04215)
Note: The periodic responses will only contain the DID and its data, and no Service
ID (no A_PCI byte).
[SWS_Dcm_01101] d All periodic responses (scheduled responses, not the initial re-
sponse) will use dedicated IF-PDU’s and transmission will be done through PduR. Each
time PduR_DcmTransmit is called the data pointer shall be valid. c(SRS_Diag_04215)
[SWS_Dcm_00255] d The Dcm module shall implement the UDS Service WriteDataByI-
dentifier (0x2E) of the Unified Diagnostic Services. c()
When using Service 0x2E, the request of the tester contains a 2-byte DID and a
dataRecord with the data to be written. The configuration of the Dcm contains a list
of supported DIDs and defines for each configured DID:
• The 2-byte DID (see configuration parameter DcmDspDidIdentifier)
• For every data of the DID:
– The function WriteData to be used for this data (see configuration parame-
ters DcmDspDataWriteFnc and DcmDspDataUsePort)
[SWS_Dcm_00256] d The Dcm module shall implement the UDS Service InputOutput-
ControlByIdentifier (0x2F). c(SRS_Diag_04218)
When using Service 0x2F, the request of the tester contains a 2-byte DID.
The configuration of the Dcm contains a list of supported DID’s. For each DID, the Dcm
configuration specifies:
• The 2-bytes DID (see configuration parameter DcmDspDidIdentifier)
• For every data of the DID :
– The function Xxx_ReturnControlToECU() for this data (see configuration pa-
rameters DcmDspDataReturnControlToEcuFnc and DcmDspDataUse-
Port)
– The function Xxx_ResetToDefault() for this data (see configuration parame-
ters DcmDspDataResetToDefaultFnc and DcmDspDataUsePort)
– The function Xxx_FreezeCurrentState() for this DID (see configuration pa-
rameters DcmDspDataFreezeCurrentStateFnc and DcmDspDataUse-
Port)
– The function Xxx_ShortTermAdjustment() for this DID (see configura-
tion parameters DcmDspDataShortTermAdjustmentFnc and DcmDsp-
DataUsePort)
[SWS_Dcm_CONSTR_6086] Signals for DIDs with Atomic S/R are not shared
with other DIDs d If a DcmDspDid is configured to have an atomic S/R interface, all
DcmDspDataElements referenced by this DID shall be referenced only from this DID.
c(SRS_Diag_04218)
[SWS_Dcm_CONSTR_6050] d If a DcmDspDid is used in service 0x2F and is con-
figured to have an atomic S/R interface, the DcmDspDidControlMask shall be set to
DCM_CONTROLMASK_EXTERNAL and the parameter DcmDspDidControlMaskSize
shall be present with a value greater than zero. c()
[SWS_Dcm_00680] Mapping of internal ControlEnableMaskRecord to DID data
elements d If DcmDspDidControlMask is set to DCM_CONTROLMASK_INTERNAL,the
ControlEnableMaskRecord shall be mapped to the DID data elements by applying the
following mapping :
• The most significant bit of the first byte of the ControlEnableMask shall corre-
spond to the first DID data element
• The second most significant bit of the first byte of the ControlEnableMask shall
correspond to the second DID data element and continuing on in this fashion
utilizing as many ControlEnableMask bytes as necessary to map all DID data
elements.
c(SRS_Diag_04218)
The controlEnableMaskRecord is only present, if the DataIdentifer supports more than
one signal.
The Dcm supports atomic S/R interfaces activated by the configuration DcmD-
spDidUsePort set to USE_ATOMIC_SENDER_RECEIVER_INTERFACE or
USE_ATOMIC_SENDER_RECEIVER_INTERFACE_AS_SERVICE. In the text and
requirements of this chapter the term ’atomic S/R interface’ for IO control means that
the IO controlled DID is configured to one of the two choices.
[SWS_Dcm_01434] IOControl General execution sequence d On reception of a re-
quest for UDS Service InputOutputControlByIdentifier (0x2F) the Dcm shall first exe-
cute the service verifications according to [SWS_Dcm_00563], [SWS_Dcm_00565],
[SWS_Dcm_00566], [SWS_Dcm_00567] and on successful passing the verifications
start the configured service processing. c(SRS_Diag_04218)
[SWS_Dcm_00396] d On reception of a request for UDS Service InputOut-
putControlByIdentifier (0x2F) with inputOutputControlParameter equal
to returnControlToEcu, the Dcm module shall invoke all impacted con-
figured function of the controlEnableMaskRecord (if parameter DcmDsp-
DataUsePort set to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC
or USE_DATA_ASYNCH_FNC_ERROR; see configuration parameter DcmDsp-
DataReturnControlToEcuFnc). Alternatively call all the associated Re-
turnControlToECU operations (if parameter DcmDspDataUsePort set to
USE_DATA_SYNCH_CLIENT_SERVER or USE_DATA_ASYNCH_CLIENT_SERVER
[SWS_Dcm_01435] which are not support by the new security level anymore. c
(SRS_Diag_04119)
[SWS_Dcm_01435] Dcm cancel IO control sequence d If the Dcm needs to
cancel an active IO control due to [SWS_Dcm_00858], [SWS_Dcm_00628] or
[SWS_Dcm_00859], the Dcm shall do the following:
• For controlled data elements with DcmDspDataUsePort set to
USE_ECU_SIGNAL: call to IoHwAb_Dcm_<symbolic ECU signal name>()
with ’action’ parameter set to ReturnControlToECU.
• For controlled data elements with DcmDspDataUse-
Port set to USE_DATA_ASYNCH_CLIENT_SERVER or
USE_DATA_SYNCH_CLIENT_SERVER or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR:
call the C/S interface operation ReturnControlToECU.
• For controlled data elements with DcmDspDataUsePort set
to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC or
USE_DATA_ASYNCH_FNC_ERROR: call the configured function
Xxx_ReturnControlToECU (see parameter DcmDspDataReturnControlToE-
cuFnc)
• For controlled DIDs with is configured atomic S/R interfaces: update the data
element IOOperationRequest with inputOutputControlParameter = 0x00, the
controlEnableMask = 0xFFFFFFFF1 and data element underControl = 0x00.
c(SRS_Diag_04119)
[SWS_Dcm_00640] d To serialize the required AUTOSAR data types (signed- and
unsigned integer) from the request message (in case of inputOutputControl-
Parameter is set to ’shortTermAdjustment’) / into the response message of UDS
Service InputOutputControlByIdentifier responses, the target endianness configured
in DcmDspDataEndianness shall be considered for DcmDspData elements hav-
ing DcmDspDataUsePort set to USE_ECU_SIGNAL. In case DcmDspDataEndian-
ness is not present, the DcmDspDataDefaultEndianness shall be used instead. c
(SRS_Diag_04218)
[SWS_Dcm_00682] d The controlState in the ControlStatusRecord for positive re-
sponse message of IoControl service shall be retrieved using the associated Read-
Data operation/function/SenderReceiver after application processing on the IO control
request is positively finalized. c(SRS_Diag_04218)
Beside the Client/Server interface, the Dcm provides the SenderReceiver interface IO-
ControlRequest_{DID}. The underControl data element of this interface is cal-
culated by the Dcm with one state bit for each data element identical to the CEMR.
Applications can directly derive the active control enable status without the need to
maintain internal states.
1
The size of the mask depends on the parameter DcmDspDidControlMaskSize
The bit-mask underControl contains the accumulated status about which data ele-
ments of this particular I/O is currently under diagnostic control. The normal operation
state could be derived if the value of underControl is set to 0x00 (which is the ini-
tial value). Each set bit indicates a data element which is under diagnostic control via
FreezeCurrentState, ’ResetToDefault’ or ’ShortTermAdjustment’.
[SWS_Dcm_01436] Calculation of the underControl data element d The Dcm shall
calculate the underControl data element of the S/R interface IOControlRe-
quest_{DID}. The underControl is a bitfield of the same size than the CEMR of the
controlled DID. Each bit represents the same data element as in the CEMR. A value of
0 indicates, that the corresponding data element is currently not controlled by the Dcm,
a value of 1 indicates that it is controlled. The initial value is 0, each control request
for a data element with inputOutputControlParameter equal to ResetToDe-
fault, FreezeCurrentState or ShortTermAdjustment will set the correspond-
ing bit value to 1, and each control request with inputOutputControlParameter
set to ReturnControlToECU will set the bit value to 0. c(SRS_Diag_04218)
With each I/O Control request a command IOOperationRequest is provided to the
application to update the input or the respective output. IOOperationRequest con-
tains the inputOutputControlParameter, the controlEnableMask and in case
of ShortTermAdjustment the controlState.
To identify that previous operation has finished (e.g Write IOControlRequest_DID), the
user can use the update flag mechanism from the RTE.
The application needs to update their output values and finalizes the request with the
response message IOOperationResponse to the Dcm. The possible values are:
• 0x00 positive response (similar to E_OK)
• 0x10 generalReject
• 0x21 busyRepeatRequest
• 0x22 conditionsNotCorrect
• 0x26 FailurePreventsExecutionOfRequestedAction
• 0x31 requestOutOfRange
• 0x78 ResponsePending (similar to E_PENDING)
• 0xFF Idle - no request present
Based on this respoinse message the Dcm will:
1. wait for final processing (0x78)
2. send a positive response message (0x00)
3. send a negative response message (all other values, except 0xFF)
[SWS_Dcm_00257] d The Dcm module shall implement the UDS Service RoutineCon-
trol (0x31) for subFunctions startRoutine, stopRoutine and requestsRoutineResults. c
()
A tester can use UDS Service 0x31 to start, stop or obtain the results of a routine
identified by a 2-byte routineIdentifier. The Dcm module configuration contains a list
of the routineIdentifiers (see configuration parameter DcmDspRoutineIdentifier)
supported by the DCM. For each routineIdentifier, the Dcm configuration specifies:
• The function Xxx_Start() associated with this routineIdentifier (see configuration
parameters DcmDspStartRoutineFnc and DcmDspRoutineUsePort)
• List of signal available in the request and in the response (see configuration pa-
rameters DcmDspStartRoutineIn and DcmDspStartRoutineOut)
• The function Xxx_Stop() associated with this routineIdentifier (see configuration
parameters DcmDspStopRoutineFnc and DcmDspRoutineUsePort)
• List of signal available in the request and in the response (see configuration pa-
rameters DcmDspStopRoutineIn and DcmDspStopRoutineOut)
• The function Xxx_RequestResults() associated with this routineIdentifier (see
configuration parameters DcmDspRequestRoutineResultsFnc and DcmD-
spRoutineUsePort)
• List of signal available in the request and in the response (see configuration
parameters DcmDspRequestRoutineResultsIn and DcmDspRequestRou-
tineResultsOut)
[SWS_Dcm_01442] d If DcmDspRoutineUsePort is set to true, the Dcm shall
use the C/S interfaces RoutineServices_{RoutineName} [SWS_Dcm_00690].c
(SRS_Diag_04224)
the Dcm module shall send NRC 0x13 (Incorrect message length or invalid format) to
the tester. c()
[SWS_Dcm_01141] d The Dcm shall call the appropriate routine functions of the
SWC after having performed the total length check and the Mode rules, security level
and session checks (DcmDspStartRoutineCommonAuthorizationRef, DcmD-
spStopRoutineCommonAuthorizationRef and DcmDspRequestRoutineRe-
sultsCommonAuthorizationRef). c()
Note: Subsequent checks have to be performed by the SWC.
[SWS_Dcm_01194] d On reception of the UDS Service RoutineControl (0x31), for ev-
ery requested RID inside the OBD range (E000-E0FF), the Dcm shall implicitly allow
sub-function StartRoutine. c()
[SWS_Dcm_00701] d On reception of the UDS Service RoutineControl (0x31), for
every requested RID inside the OBD range (E000-E0FF) and usage of UDS inter-
face, the Dcm module shall use the routineInfo byte value from the configuration (see
ECUC_Dcm_01063) in the response to the tester. c()
[SWS_Dcm_01330] d If DcmDspEnableObdMirror is set to true, an explicitly config-
ured RID inside the OBD range (E000-E0FF) shall use the UDS interface. c()
[SWS_Dcm_01331] d If DcmDspEnableObdMirror is set to false, all requests within
the OBD RID range shall use the UDS interface. c()
[SWS_Dcm_01332] d On reception of the UDS Service RoutineControl (0x31), for ev-
ery requested RID inside the OBD range (E000-E0FF), the Dcm module shall handle
the RID as defined for OBD Service $08 (see [SWS_Dcm_00418], [SWS_Dcm_00947],
[SWS_Dcm_00419], [SWS_Dcm_00420], [SWS_Dcm_00948], [SWS_Dcm_01192]) if
DcmDspEnableObdMirror is set to true and RID not explicitly configured. c()
[SWS_Dcm_01333] d On reception of the UDS Service RoutineControl (0x31), for
every requested RID inside the OBD range (E000-E0FF) and usage of OBD in-
terface, the Dcm shall use the routineInfo byte value from the configuration (see
ECUC_Dcm_01078) in the response to the tester. c()
If DcmDspEnableObdMirror is set to FALSE or the RID is explicitly configured inside
the OBD TestId range (E000-E0FF), the access to the OBD data shall be given in the
following way:
[SWS_Dcm_01390] d On reception of an UDS Service RoutineControl (0x31) request
with one or more ”availability OBDTestIds” as parameter, the Dcm module shall respond
with the corresponding supported (=configured) RIDs. c()
[SWS_Dcm_01391] d On reception of an UDS Service RoutineControl (0x31) request
”availability OBDTestIds” together with other OBDTestIds as parameter, the Dcm mod-
ule shall ignore the request. c()
[SWS_Dcm_01392] d On reception of an UDS Service RoutineControl (0x31) request
with a OBDTestIds that is not an ”availability OBDTestIds”, the Dcm module shall invoke
the configured Xxx_Start() function. c()
[SWS_Dcm_01393] d As specified in [3, SAE J1979], unused data bytes shall be filled
with $00. c()
[SWS_Dcm_01394] d If Xxx_Start() doesn’t return E_OK, the Dcm shall return NRC
0x22. c()
[SWS_Dcm_00668] d If the operation Start() returns value E_NOT_OK, the Dcm mod-
ule shall send a negative response with NRC code equal to ErrorCode parameter value.
c()
[SWS_Dcm_00669] d If the operation Start() returns value DCM_E_FORCE_RCRRP,
the Dcm module shall start the transmission of NRC 0x78. c()
[SWS_Dcm_00670] d If the operation Stop() returns value E_NOT_OK, the Dcm mod-
ule shall send a negative response with NRC code equal to ErrorCode parameter value.
c()
[SWS_Dcm_00671] d If the operation Stop() returns value DCM_E_FORCE_RCRRP,
the Dcm module shall start the transmission of NRC 0x78. c()
[SWS_Dcm_00672] d If the operation RequestResults() returns value E_NOT_OK, the
Dcm module shall send a negative response with NRC code equal to ErrorCode param-
eter value. c()
[SWS_Dcm_00673] d If the operation RequestResults () returns value
DCM_E_FORCE_RCRRP, the Dcm module shall start the transmission of NRC
0x78. c()
[SWS_Dcm_CONSTR_6071] Dependency for DcmDspStartRoutineFnc, DcmD-
spStopRoutineFnc, DcmDspRequestRoutineResultsFnc, DcmDspStartRou-
tineConfirmationFnc, DcmDspStopRoutineConfirmationFnc d The following
configuration parameters shall only be present if DcmDspRoutineUsePort is set to
FALSE.
• DcmDspStartRoutineFnc
• DcmDspStopRoutineFnc
• DcmDspRequestRoutineResultsFnc
• DcmDspStartRoutineConfirmationFnc
• DcmDspStopRoutineConfirmationFnc
c()
[SWS_Dcm_00251] d The Dcm module shall implement the Tester Present (service
0x3E, diagnostic communication and security) of the Unified Diagnostic Services for
the subfunction values 0x00 and 0x80. c()
[SWS_Dcm_01558] d The Dcm shall process the UDS service 0x3E (TesterPresent)
independently from the current authentication state. c()
This service is used to keep one or multiple servers in a diagnostic session being
different than the defaultSession.
Note: the callout function can, if needed, return also other NRC but the ones above
won’t be treated by the Dcm module.
[SWS_Dcm_00757] d If the operation Xxx_ProcessRequestDownload returns
value E_NOT_OK, the Dcm module shall send a negative response with NRC code
equal to the parameter ErrorCode parameter value. c()
[SWS_Dcm_01417] d Upon calling Xxx_ProcessRequestDownload, the Dcm shall
write the maximum possible buffer size into the BlockLength parameter. c
(SRS_Diag_04033)
[SWS_Dcm_01418] d If the function call Xxx_ProcessRequestDownload re-
turns a requested buffer length larger than the supported buffer length
of the current protocol connection, the Dcm shall report the Det error
DCM_E_INTERFACE_BUFFER_OVERFLOW. c(SRS_Diag_04033) For definition of
DCM_E_INTERFACE_BUFFER_OVERFLOW see Table 7.1.
[SWS_Dcm_01419] d If the function call Xxx_ProcessRequestDownload returns a
requested buffer length smaller or equal than the supported buffer length of the current
protocol connection, the Dcm shall return the BlockLength value within the maxNum-
berOfBlockLength parameter of the positive response. c(SRS_Diag_04033)
Note: the callout function can, if needed, return also other NRC but the ones above
won’t be treated by the Dcm module.
[SWS_Dcm_00758] d If the operation Xxx_ProcessRequestUpload returns value
E_NOT_OK, the Dcm module shall send a negative response with NRC code equal to
the parameter ErrorCode parameter value. c()
[SWS_Dcm_01420] d Upon calling Xxx_ProcessRequestUpload, the Dcm shall
write the maximum possible buffer size into the BlockLength parameter. c
(SRS_Diag_04033)
[SWS_Dcm_01421] d If the function call Xxx_ProcessRequestUpload re-
turns a requested buffer length larger than the supported buffer length
of the current protocol connection, the Dcm shall report the Det error
Note: the callout function can, if needed, return also other NRCs but the ones above
won’t be treated by the Dcm module.
Note: the callout function can, if needed, return also other NRC but the ones above
won’t be treated by the Dcm module.
[SWS_Dcm_00759] d If the operation Xxx_ProcessRequestTransferExit re-
turns value E_NOT_OK, the Dcm module shall send a negative response with NRC
code equal to the parameter ErrorCode parameter value. c()
An external test tool can request an ECU to either disable or enable DTC storage in the
ECUs error memory by sending a UDS Service 0x85 request with sub-function 0x01
("ON") or 0x02 ("OFF").
[SWS_Dcm_00249] d The Dcm module shall implement UDS Service ControlDTCSet-
ting (0x85) to enable or disable the storage of DTCs in the ECUs error memory. c
(SRS_Diag_04159)
[SWS_Dcm_01399] d If the Dcm receives a ControlDTCSetting (0x85) service with
DTCSettingControlOptionRecord != 0xFFFFFF, the Dcm shall send a NRC 0x31
(RequestOutOfRange).c(SRS_Diag_04159)
[SWS_Dcm_01063] d On reception of UDS Service 0x85 with subfunction 0x01 (DTC-
SettingType "ON"), the Dcm shall call Dem_EnableDTCSetting() with ClientId = Client
Id for this Dcm instance (see DcmDemClientRef). c(SRS_Diag_04115)
[SWS_Dcm_00783] d In case of Dem_EnableDTCSetting returns
E_OK (see [SWS_Dcm_01063]), the Dcm shall invoke a mode
switch of the ModeDeclarationGroupPrototype DcmControlDTC-
Setting by calling SchM_Switch_<bsnp>_DcmControlDTCSetting
(RTE_MODE_DcmControlDTCSetting_ENABLEDTCSETTING). c()
[SWS_Dcm_00406] d On reception of UDS Service 0x85 with subfunction 0x02 (DTC-
SettingType "OFF"), the Dcm shall call Dem_DisableDTCSetting() with ClientId = Client
Id for this Dcm instance (see DcmDemClientRef). c(SRS_Diag_04115)
7.5.3.1 Overview
The following table defines the OBD Services supported by the DCM.
Relevant OBD Ser- Support in the DCM
vice Identifier
$01 Supported
$02 Supported
$03 Supported
$04 Supported
$06 Supported
$07 Supported
$08 Supported
$09 Supported
$0A Supported
In many cases, the Dcm protocol allows the bundling of several requests (for example
several "PIDs") and the corresponding bundling of the responses. The descriptions of
the behavior for the individual services do not explicitly consider this. As the Dcm needs
to comply with OBD standard (as is defined through various requirements below), the
Dcm might need to repeat the steps defined below to parse a request and assemble a
valid response.
In a vehicle there can be 3 different types of OBD ECUs:
• Master ECU (one per vehicle)
• Primary ECU (several per vehicle)
• Dependent / Secondary ECUs (several per vehicle)
From the Basic Software point of view Dependent / Secondary ECUs doesn’t need any
specific OBD functionality. In Dependent / Secondary ECUs OBD-relevant information
will not be stored in the Basic Software (e.g. no direct communication with the scan
tool). The respective OBD functionality might be handled in Dependent / Secondary
ECUs by a SWC.
The following OBD requirements are only valid for Master and Primary ECUs. If neces-
sary the OBD requirements differentiate between Master and Primary Requirement.
The following table gives an overview about which OBD functionality must be supported
in a Master ECU, Primary ECU or Dependent / Secondary ECU:
Functionality Master ECU Primary ECU Dependent /
Secondary ECU
OBD Scantool Yes Yes No
Communication
[SWS_Dcm_00077] d When calling the DEM module for OBD services, the Dcm
module shall use the following values for the parameter DTCOrigin:
Service $0A uses DEM_DTC_ORIGIN_PERMANENT_MEMORY
All other services use DEM_DTC_ORIGIN_OBD_RELEVANT_MEMORY c
(SRS_Diag_04058)
[SWS_Dcm_00243] d The Dcm module shall implement the OBD service $01 (Request
Current Powertrain diagnostic Data) in compliance to all provisions of the OBD standard.
c()
Using Service $01, an external test tool can request an emission-related ECU to return
PID-values or to return the supported PIDs. OBD reserves certain PIDs for the special
purpose of obtaining the list of available PIDs in a certain range. These PIDs are called
"availability PIDs" and are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
The Dcm collects the PID information from 1 to n SW-Cs. This applies in particular
for PIDs which contain several data values for potentially different sources. Example:
PID$83 reports Nox Sensor Data for sensor 1 and sensor 2 in one composed PID
which might come from different SW-C.
The Dcm configuration defines the PIDs that are available on the ECU. The Dcm con-
figuration defines for each such PID:
• The PID Identifier (see configuration parameter DcmDspPidIdentifier)
• Indication of the PID is used or not (for postbuild configuration) (see configuration
parameter DcmDspPidUsed)
• The size of the PID (see configuration parameter DcmDspPidSize)
• The supported information for this PID (see configuration parameter DcmDsp-
PidSupportInfo)
• List of data (DcmDspPidData) for the PID with the following configuration for
every data
– The length of the data associated with the PID (see configuration parameter
DcmDspPidDataByteSize)
– The position of the data in the PID (see configuration parameter DcmDsp-
PidByteOffset)
– The reference to the supported information container (see configuration pa-
rameter DcmDspPidDataSupportInfo)
– The Xxx_ReadData() function that the Dcm must call to obtain the current
value of the data or the name of the port that the Dcm uses to obtain the
current value through the RTE from a SW-C (see configuration parameters
DcmDspPidDataReadFnc and DcmDspPidDataUsePort)
[SWS_Dcm_00407] d On reception of an OBD Service $01 request with only "avail-
ability PIDs" as parameter, the Dcm shall respond with the corresponding supported
(=configured) PIDs encoded according to the OBD standard. c()
To obtain the value for a PID, the Dcm uses the configured Xxx_ReadData() functions
for every data of the PID. To provide OBD Service $01, the Dcm relies on external
functions that allow it to obtain the value of the PIDs. There is one such function per
data of every PID that is needed by the DCM.
When using a Xxx_ReadData() function, the Dcm provides a buffer of the correct length,
which is filled by the function with the data PID value.
[SWS_Dcm_00408] d On reception of an OBD Service $01 request with only PIDs
that are not "availability PIDs", the Dcm shall obtain the current value of these PIDs by
invoking the configured Xxx_ReadData() functions for every data of the PID and shall
return these values as response to Service $01. c()
[SWS_Dcm_00943] d On reception of an OBD Service $01 request with a mixure of
"avalibility PIDs" and not "avalibility PIDs", this request shall be ignored by the Dcm. c
()
The entity providing the actual implementation of the Xxx_ReadData() function for a
specific signal of a PID might be a SW-C or another basic software module. The origin
of the function is not known to the Dcm but is part of the Dcm configuration. Some
PIDs are provided by the DEM. These PIDs are also explicitly configured in the Dcm
configuration and it is the responsibility of a correct Dcm configuration to make the
Xxx_ReadData() function point to the correct function provided by the DEM.
[SWS_Dcm_CONSTR_6069] Dependency for DcmDspPidDataReadFnc d DcmD-
spPidDataReadFnc shall be only present if DcmDspPidDataUsePort is set to
USE_DATA_SYNCH_FNC. c()
For certain PIDs, the Dem provides the function to obtain the PID value. Which PIDs
come from the Dem are part of the Dcm configuration.
Note: For PIDs where Dem provides the function, DcmDspPidDataUsePort for that
PID should be set to USE_DATA_SYNCH_FNC and DcmDspPidDataReadFnc shall
point to the function Dem_DcmReadDataOfPID<NN> where <NN> represents the Id
of the PID.
The data byte A of the PIDs contain the support status of the subsequent data bytes.
Since not all data values might be available due to the particular vehicle configuration
(e.g. there is only a Nox-sensor 1 available in the vehicle in the example above), the
PID response contains in this data byte A the information about the support status of
the following data values. Note, that the PIDs always contain the same number of bytes
- even if not all values are really available.
[SWS_Dcm_00621] d If a PID contains support information (presence of DcmDsp-
PidDataSupportInfo container) the Dcm shall add the support information in the
diagnostic response. c()
[SWS_Dcm_00622] d If a PID contains support information (presence of DcmDspPid-
DataSupportInfo container) the Dcm shall calculate the support information value
according to the available data for this PID: for every DcmDspPidData container ex-
isting for this PID, the associated support information bits, referenced in DcmDspPid-
DataSupportInfo, shall be set to one c()
The response to the OBD-tester needs to be composed out of the available data values.
Data bytes that are not provided by an SW-C need to be replaced with fill-byte to obtain
a complete PID contents.
[SWS_Dcm_00623] d When responding to OBD Service $01, the Dcm shall put fill-bytes
between DcmDspPidData in the PID whenever content bytes are missing in order to
fit to the PID size (see configuration parameter DcmDspPidSize). c()
[SWS_Dcm_00944] d The Dcm shall set the fill bytes to 0x00. c()
Note: If other fill-bytes than 0x00 are needed by legistlation, the application has to
provide the value of the fill-byte.
[SWS_Dcm_00718] d To serialize the required AUTOSAR data types (signed-
and unsigned integer) into the response message of OBD Service $01 responses
the target endianness configured in DcmDspPidDataEndianness shall be con-
sidered for DcmDspPidData elements having DcmDspPidDataUsePort set to
USE_DATA_SENDER_RECEIVER or USE_DATA_SENDER_RECEIVER_AS_SERVICE.
In case DcmDspPidDataEndianness is not present, the DcmDspDataDefault-
Endianness shall be used instead. c()
[SWS_Dcm_CONSTR_6068] Dependency for DcmDspPidDataEndianness d In
case DcmDspPidDataEndianness is not present, the DcmDspDataDefaultEndi-
anness shall be used instead. c()
[SWS_Dcm_00244] d The Dcm shall implement OBD Service $02 (Request Power Train
FreezeFrame Data) in compliance to all provisions of the OBD standard. c()
For OBD-relevant FreezeFrames AUTOSAR only supports frame 0, which is the mini-
mum required by legislation.
[SWS_Dcm_00409] d The Dcm shall ignore all requests regarding record-numbers that
are not 0 c()
[SWS_Dcm_00972] d On reception of an OBD Service $02 request with a mixure of
"availability PIDs" and not "availability PIDs", this request shall be ignored by the Dcm.
c()
[SWS_Dcm_00973] d When responding to OBD Service $02, the Dcm shall put fill-bytes
between DcmDspPidData in the PID whenever content bytes are missing in order to
fit to the PID size (see configuration parameter DcmDspPidSize). c()
[SWS_Dcm_00974] d The Dcm shall set the fill bytes to 0x00. c()
Note: If other fill-bytes than 0x00 are needed by legislation, the application has to
provide the value of the fill-byte.
The following sections define how specific PIDs are handled by the Dcm.
An external tester can request the DTC that caused a FreezeFrame to be stored by
using the Service $02 with the PID value $02.
[SWS_Dcm_00279] d On reception of a request for Service $02 with PID $02, the Dcm
shall call Dem_DcmGetDTCOfOBDFreezeFrame() with FrameNumber set to 0x00 to
get the DTC number. c(SRS_Diag_04058)
The Dem module returns the corresponding DTC. Note that this 2-byte DTC is packed
into the 4-byte data returned by the call to Dem_DcmGetDTCOfOBDFreezeFrame ().
see Dem specification on how this is done.
[SWS_Dcm_01061] d If Dem_DcmGetDTCOfOBDFreezeFrame returns E_NOT_OK,
the Dcm shall answer positively with $0000 (indicates no stored freeze frame data). c()
Using Service $02, an external tester may request the supported PIDs for a specific
freeze-frame by using the "availability PIDs".
Using Service $02, an external tester may request the values of specific PIDs in specific
FreezeFrames.
[SWS_Dcm_00286] d On reception of a service $02 request with a
PID that is not an "availability PID" and is not $02, the Dcm shall call
Dem_DcmReadDataOfOBDFreezeFrame() for every data of the PID with the
following parameter values:
• PID = the PID received in the OBD request
• DestBuffer = a buffer in which the callee can write the value of the PID
• BufSize = the size of the DestBuffer, this must be at least equal to the size needed
to store the value of the PID as configured in the DCM
• DataElementIndexOfPid = implicit index (from 0 to n) of the DataElement calcu-
lated by Dcm according to the order of the DataElement positions in the PID (see
parameter DcmDspPidByteOffset)
c()
Note that is not necessary for the Dcm module to lock or unlock the record updates of
the Dem module.
[SWS_Dcm_00287] d Upon the completion of [SWS_Dcm_00286], the Dcm shall gen-
erate a response message including the respective PID, FreezeFrame Number and
the associated data record for the requested FreezeFrame number. c()
[SWS_Dcm_01252] d If Dem_DcmReadDataOfOBDFreezeFrame() returns
E_NOT_OK and a single PID is requested, the Dcm shall not provide any answer. c()
[SWS_Dcm_01253] d If Dem_DcmReadDataOfOBDFreezeFrame() returns
E_NOT_OK and all PIDs from the requested multiple PID(s) are not supported,
the Dcm shall not provide any answer. c()
[SWS_Dcm_01254] d If Dem_DcmReadDataOfOBDFreezeFrame() returns
E_NOT_OK and at least one PID from the requested multiple PID(s) is sup-
ported, the Dcm shall send a positive response including the data of the supported
PID(s). c()
[SWS_Dcm_00245] d The Dcm module shall implement OBD Service $03 (Request
emission-related diagnostic trouble codes) in compliance to all provisions of the OBD
standard. c()
[SWS_Dcm_00410] d The Dcm module shall implement OBD Service $07 (Request
Emission-Related Diagnostic Trouble Codes Detected during Current or Last Com-
pleted Driving Cycle) in compliance to all provisions of the OBD standard. c()
[SWS_Dcm_00411] d The Dcm module shall implement OBD Service $0A (Request
Emission-Related Diagnostic Trouble Codes with Permanent Status) in compliance to
all provisions of the OBD standard. c()
An external test tool can request an emission-related ECU to report all stored, pending
or permanent emission-related DTCs by sending the request $03, $07, $0A respec-
tively.
[SWS_Dcm_00289] d When receiving a request for OBD Service $03, the Dcm module
shall obtain from the DEM all DTCs in primary memory and with a "confirmed" status
using the functions Dem_SetDTCFilter() and Dem_GetNextFilteredDTC(). c()
Note: The Dcm module can get an indication of the number of records that will be
found using Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
This allows the implementation to calculate the total size of the response before cycling
through the DTCs.
[SWS_Dcm_00412] d When receiving a request for OBD Service $07, the Dcm module
shall obtain from the DEM module all DTCs in primary memory with a "pending" status
using the functions Dem_SetDTCFilter() and Dem_GetNextFilteredDTC(). c()
Note: The Dcm module can get an indication of the number of records that will be
found using Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
This allows the implementation to calculate the total size of the response before cycling
through the DTCs.
[SWS_Dcm_00330] d When receiving a request for OBD Service $0A, the Dcm module
shall obtain from the DEM all DTCs stored in permanent memory using the functions
Dem_SetDTCFilter() and Dem_GetNextFilteredDTC(). c()
Note: The Dcm module can get an indication of the number of records that will be
found using Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
This allows the implementation to calculate the total size of the response before cycling
through the DTCs.
The following table illustrates the parameters the Dcm module must use when calling
Dem_SetDTCFilter() in response to a request for OBD Service $03, $07 or $0A.
Parameters to Dem_SetDTCFilter
OBD Service $03 $07 $0A
Parameters to Dem_SetDTCFilter
ClientId Client Id for this Dcm Client Id for this Dcm Client Id for this Dcm
instance (see instance (see instance (see
DcmDemClientRef) DcmDemClientRef) DcmDemClientRef)
DTCStatusMask 0x08 (confirmed bit 0x04(pending bit set) 0x00
set)
DTCFormat DEM_DTC_ DEM_DTC_ DEM_DTC_
FORMAT_OBD FORMAT_OBD FORMAT_OBD
DTCOrigin DEM_DTC_ORIGIN_ DEM_DTC_ORIGIN_ DEM_DTC_ORIGIN_
OBD_RELEVANT_ OBD_RELEVANT_ PERMANENT
MEMORY MEMORY
FilterWithSeverity DEM_FILTER_WITH_ DEM_FILTER_WITH_ DEM_FILTER_WITH_
SEVERITY_NO SEVERITY_NO SEVERITY_NO
DTCSeverityMask Not relevant Not relevant Not relevant
FilterForFaultDetec- DEM_FILTER_FOR_ DEM_FILTER_FOR_ DEM_FILTER_FOR_
tionCounter FDC_NO FDC_NO FDC_NO
When using paged buffer mechanism, in some case, it’s possible that the number of
DTC matching the filter change between the calculation of the total size, needed for
the first page transmission, and the sending of the further pages. For this reason, the
requirement [SWS_Dcm_00587] and [SWS_Dcm_00588] shall be considered for the
implementation of this service.
[SWS_Dcm_01227] d Dem_GetNextFilteredDTC returns
DEM_NO_SUCH_ELEMENT and at least one matching element could be re-
trieved before, the Dcm shall send a positive response including these data elements
and the number of DTCs. c()
[SWS_Dcm_01228] d If Dem_GetNextFilteredDTC returns
DEM_NO_SUCH_ELEMENT and no matching element could be retrieved be-
fore, the Dcm shall send a positive response with the number of DTCs set to 0x00. c
()
[SWS_Dcm_00246] d The Dcm module shall implement OBD Service $04 (Clear/re-
set emission-related diagnostic information) in compliance to all provisions of the OBD
standard. c()
An external test tool can request an emission-related ECU to clear the error memory
by sending the request $04.
[SWS_Dcm_00004] d When receiving a request for OBD Service $04, the Dcm module
shall call the interface Dem_SelectDTC with the following parameter values:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
• DTC = DEM_DTC_GROUP_ALL_DTCS
• DTCFormat = DEM_DTC_FORMAT_OBD
• DTCOrigin = DEM_DTC_ORIGIN_OBD_RELEVANT_MEMORY
c(SRS_Diag_04058)
Note: this interface will always return E_OK.
[SWS_Dcm_01401] d After calling Dem_SelectDTC, the Dcm shall call the interface
Dem_ClearDTC() with the following parameter value:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
c()
[SWS_Dcm_00413] d In case Dem_ClearDTC() returns E_OK, the Dcm module shall
send a positive response. c()
[SWS_Dcm_00703] d In case Dem_ClearDTC() returns DEM_PENDING, the Dcm
shall invoke Dem_ClearDTC() on next Dcm_MainFunction call again. It is up to the
Dcm to send NRC 78 (ResponsePending) to respect the response behaviour c()
[SWS_Dcm_00704] d In case Dem_ClearDTC() returns DEM_CLEAR_FAILED, the
Dcm shall send a negative response 0x22 (conditionsNotCorrect). c()
[SWS_Dcm_00967] d In case Dem_ClearDTC() returns DEM_CLEAR_BUSY, the Dcm
shall send a negative response 0x22 (ConditionsNotCorrect). c()
[SWS_Dcm_01067] d In case Dem_ClearDTC() returns
DEM_CLEAR_MEMORY_ERROR, the Dcm module shall send a negative response
0x22 (ConditionNotCorrect). c()
[SWS_Dcm_00414] d The Dcm module shall implement OBD Service $06 (Request
On-Board Monitoring Test-results for Specific Monitored Systems) in compliance to all
provisions of the OBD standard. c()
Using Service $06, an external test tool can request an emission-related ECU to return
the DTR’s associated with the OBDMID or to return the supported OBDMIDs. OBD
reserves certain OBDMIDs for the special purpose of obtaining the list of supported
OBDMIDs in a certain range. These OBDMIDs are called "availability OBDMIDs" and
are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
A tester request for supported OBDMIDs may contain up to six (6) "availability OBD-
MIDs".
The maintenance of the DTRs lies within the responsibility of the DEM. SW-Cs report-
ing DTRs use dedicated interfaces offered by the DEM. Upon requests from the tester
the Dcm retrieves the information from the DEM using dedicated DEM interfaces. There
is no direct interaction between the Dcm and SW-Cs.
[SWS_Dcm_00957] d On reception of an OBD Service $06 request with only "avail-
ability OBDMID(s)" as parameter(s), the Dcm module shall obtain the supported OB-
DMIDs by calling the Dem interface Dem_DcmGetAvailableOBDMIDs()for each "avail-
ability OBDMID ($00, $20, ...)" contained within the request and concatenate the re-
sults within the response message according to ISO-15031-5 [2]. c()
[SWS_Dcm_00958] d On reception of an OBD Service $06 request with an OBDMID
that is not an "availability OBDMID", the Dcm module shall call the DEM interface
Dem_DcmGetNumTIDsOfOBDMID() to obtain the TIDs available for the requested OB-
DMID and then recurrently call the interface Dem_DcmGetDTRData() for the number
of reported TIDs to obtain the associated DTR data. c()
[SWS_Dcm_00417] d The Dcm module shall implement OBD Service $08 (Request
Control of On-Board System, Test or Component) in compliance to all provisions of the
OBD standard. c()
Using Service $08, an external test tool can control an on-board system, test or com-
ponent using a TID. OBD reserves certain TIDs for the special purpose of obtaining the
list of supported TIDs in a certain range. These TIDs are called "availability TIDs" and
are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
The Dcm module’s configuration defines the TIDs that are available on the ECU for
the purpose of OBD Service $08. The configuration defines for each such TID (see
configuration parameter DcmDspRequestControlTestId):
• the name of the port the Dcm uses to access the RequestControlServices inter-
face (see configuration parameter DcmDspRequestControl)
• the number of bytes this function takes as input (see configuration parameter
DcmDspRequestControlInBufferSize)
• the number of bytes this function writes as output (see configuration parameter
DcmDspRequestControlOutBufferSize)
To provide OBD Service $08, the Dcm relies on external functions configured per TID.
[SWS_Dcm_00418] d On reception of an OBD Service $08 request with one or more
"availability TIDs" as parameter, the Dcm module shall respond with the corresponding
supported (=configured) TIDs. c()
[SWS_Dcm_00947] d On reception of an OBD Service $08 request "availability TIDs"
together with other TIDs as parameter, the Dcm module shall ignore the request. c()
[SWS_Dcm_00419] d On reception of an OBD Service $08 request with a TID that is not
an "availability TID", the Dcm module shall invoke the configured Xxx_RequestControl()
function with the following parameters values: InBuffer: data contained in the OBD
request (the size of which must correspond to the size configured in the Dcm module’s
configuration) OutBuffer: space in which the RequestControl function can store its
result (the size of the buffer is taken from the Dcm module’s configuration) c()
[SWS_Dcm_00420] d After the execution of [SWS_Dcm_00419], the Dcm module shall
respond to the service request using the data stored by the RequestControl function in
the OutBuffer. c()
[SWS_Dcm_00948] d As specified in [3, SAE J1979], unused data bytes shall be filled
with $00. c()
[SWS_Dcm_01192] d If Xxx_RequestControl() doesn’t return E_OK, the Dcm shall re-
turn NRC 0x22. c()
[SWS_Dcm_00421] d The Dcm module shall implement OBD Service $09 (Request
Vehicle Information) in compliance to all provisions of the OBD standard. c()
Using Service $09, an external test tool can request vehicle information or can obtain
lists of supported vehicle information. OBD reserves certain InfoTypes for the special
purpose of obtaining the list of supported InfoTypes in a certain range. These Infotypes
are called "availability InfoTypes" and are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
The Dcm module’s configuration defines the InfoTypes and associated data that are
available on one or several SW-C. The configuration defines for each such InfoType:
• The value of InfoType (see configuration parameter DcmDspVehInfoInfoType)
• For every data of the InfoType:
– The position of this data in the InfoType (see configuration parameter DcmD-
spVehInfoDataOrder)
– the size of the value of the InfoType data (see configuration parameter
DcmDspVehInfoDataSize)
– the function that the Dcm module must call to obtain the value for this Info-
Type data OR the port-name through which the Dcm module can obtain the
value for this InfoType data (see configuration parameter DcmDspVehInfo-
DataReadFnc and DcmDspVehInfoDataUsePort).
To provide OBD Service $09, the Dcm relies on external functions that allow it to obtain
the value of an InfoType data. There is one such function per InfoType data that is
needed by the DCM.
When invoking a Xxx_GetInfotypeValueData() function, the Dcm module provides a
buffer of the correct size in which the value of the InfoType data can be stored. The
entity providing the actual implementation of the Xxx_GetInfotypeValueData() function
for a specific InfoType data might be a SW-C or another basic software module. The
origin of the function is part of the Dcm module’s configuration.
Certain InfoTypes needed by the Dcm to provide Service $09 are provided by the DEM.
This is handled in the Dcm configuration.
[SWS_Dcm_00422] d On reception of an OBD Service $09 request with one or more
"availability InfoTypes" as parameter, the Dcm module shall respond with the corre-
sponding supported (=configured) InfoTypes. c()
[SWS_Dcm_00949] d On reception of an OBD Service $09 request "availability Info-
Types" together with other InfoTypes as parameter, the Dcm module shall ignore the
request. c()
[SWS_Dcm_00423] d On reception of an OBD Service $09 request for an InfoType that
is not an "availability InfoType", the Dcm module shall obtain the value of this InfoType
by invoking all the configured Xxx_GetInfotypeValueData() function for every data of
this InfoType and shall return the value as response to Service $09 c()
[SWS_Dcm_00684] d In case DcmDspVehInfoNODIProvResp is set to FALSE, in
addition to collect the available InfoType value contributions from the individual SW-C,
the Dcm shall compute the data byte NofDataItems in the diagnostic response, which
defines the number of DataItems included in one InfoType. c()
Note: The Calculation of the Calibration Identification (CAL-ID) and Calibration Verifi-
cation Number (CVN) is not a BSW Task and will not handled within the DCM.
[SWS_Dcm_01167] d In case DcmDspVehInfoNODIProvResp is set to TRUE, the
Dcm shall take over the value returned by the provider and report it as NofDataItems in
the diagnostic response. c()
[SWS_Dcm_CONSTR_6045] d In case the responsibility is on provider side (DcmD-
spVehInfoNODIProvResp is set to TRUE), only one DcmDspVehInfoData con-
tainer shall be allowed. c()
[SWS_Dcm_CONSTR_6046] d In case DcmDspVehInfoDataUsePort
is set to FALSE and DcmDspVehInfoDataReadFnc is set to either
Dem_DcmGetInfoTypeValue08 or Dem_DcmGetInfoTypeValue0B then DcmD-
spVehInfoNODIProvResp shall be set to TRUE. c()
Note : The integrator has to make sure that the buffer determined by the DcmDspVe-
hInfoDataSize is sufficiently sized to receive the data returned by the provider of
the data.
[SWS_Dcm_01191] d If Xxx_GetInfoTypeValueData() doesn’t return E_OK or
E_PENDING, the Dcm shall return NRC 0x12. c()
The Dcm shall be able to manage a jump to the bootloader / jump due to ECUReset
request. Due to the diversity of possibility to realize this jump, this will be done using
callout call.
4 different use cases have been identified for the jump to the bootloader, if all precon-
ditions are fulfilled and assuming the ’suppressPosRspMsgIndicationBit ’ flag is set to
’false’:
1. The application immediately sends a final positive response and then jumps to
the bootloader
2. The application first sends a NRC 0x78 response, then the final positive response
and afterwards jumps to the bootloader
3. The application immediately jumps to the bootloader and the bootloader sends
the final positive response
4. The application first sends a NRC 0x78 response, then jumps to the bootloader
and the bootloader sends the final positive response
Note: In case the ’suppressPosRspMsgIndicationBit’ flag is set to ’true’, use case ’1’
and use case ’3’ will not issue a positive response.
[SWS_Dcm_00532] d On reception of service DiagnosticSessionControl if the pro-
vided session is used to jump to OEM bootloader (parameter DcmDspSessionFor-
Boot set to DCM_OEM_BOOT or DCM_OEM_BOOT_RESPAPP) the Dcm shall pre-
pare the jump to the OEM bootloader (see [SWS_Dcm_00535]) by triggering the mode
switch of ModeDeclarationGroupPrototype DcmEcuReset to JUMPTOBOOTLOADER.
c(SRS_Diag_04098)
Note: By this mode switch the Dcm informs the BswM to prepare the jump to the boot-
loader.
[SWS_Dcm_00592] d On reception of service DiagnosticSessionControl if the pro-
vided session is used to jump to System Supplier bootloader (parameter DcmDspSes-
sionForBoot set to DCM_SYS_BOOT or DCM_SYS_BOOT_RESPAPP) the Dcm
shall prepare the jump to the System Supplier bootloader (see [SWS_Dcm_00535])
After successful reprograming of the application software, the bootloader will update
the ApplUpdated flag and the ResponseRequired flags.
After an ECU reset, when the newly programmed application is started for the first
time, the Dcm will read the ApplUpdated and ResponseRequired flag by calling
Dcm_GetProgConditions. During this function call the ApplUpdated and Respon-
seRequired flags are cleared by the integration code.
• The DID range configuration, used to handle a set of DIDs sharing the same
behavior uniformly in one SW-C with only one port-connection. The interface
DataServices_DIDRange_{Range} should be used in this case. Using this con-
figuration allows an interface optimization.The following parameters shall be con-
figured in order to use the DIDRange optimization: DcmDspDidRangeIdenti-
fierLowerLimit and DcmDspDidRangeIdentifierUpperLimit which de-
limited the range of the DIDs. DcmDspDidRangeMaxDataLength and DcmD-
spDidRangeHasGaps.
[SWS_Dcm_01174] d If DcmVinRef is configured then the VIN shall be fetched once
by the Dcm during startup by calling Dcm_GetVin. c()
– Get the scaling information of the DID. This can be achieved by getting the
scaling information for each DataElement (ECUC_Dcm_00676: DcmDsp-
DataGetScalingInfoFnc)
– Request the data length of a DataElement (ECUC_Dcm_00671: DcmDsp-
DataReadDataLengthFnc)
– Read a certain ECU signal (ECUC_Dcm_00824: DcmDspDataReadE-
cuSignal).
– Access in reading or writing to the data (ECUC_Dcm_00669 : DcmDsp-
DataReadFnc, ECUC_Dcm_00670: DcmDspDataWriteFnc)
– Request to reset an IOControl to default value (ECUC_Dcm_00673 : DcmD-
spDataResetToDefaultFnc)
– Request to return control to ECU of an IOControl (ECUC_Dcm_00672 :
DcmDspDataReturnControlToEcuFnc)
– Request to adjust the IO signal (ECUC_Dcm_00675 : DcmDspDataShort-
TermAdjustmentFnc)
It is also possible to configure an alternative diagnosis representation via
ECUC_Dcm_00993: DcmDspDiagnosisScaling.
The following example shows how to configure the containers DcmDspDid and DcmD-
spData for an individual DID 0xF080. This configuration allows access to a byte
of data via synchronous C APIs WriteDID_F080 (for writing) and ReadDID_F080 (for
reading).
• DcmDspDidIdentifier=0xF080
• DcmDspDidByteOffset=0
• DcmDspDidDataRef=DcmDspData_F080
• DcmDspDataByteSize=8
• DcmDspDataType=UINT8_N
• DcmDspDataUsePort=USE_DATA_SYNCH_FNC
• DcmDspDataWriteFnc=WriteDID_F080
• DcmDspDataReadFnc=ReadDID_F080
[SWS_Dcm_CONSTR_6067] Dependency for DcmDspDataBlockIdRef d DcmD-
spDataBlockIdRef shall be only present if DcmDspDataUsePort is set to
USE_BLOCK_ID. c()
DID ranges are in general the same as the ’normal’ DID read and write function, except
that the DID is also passed as a parameter. This allows to treat the DID range in a
switch/case in the read or the write function.
The ranges can be applied for reading (ReadDataByIdentifier 0x22) and writing (Write-
DataByIdentifier 0x2E) DIDs.
The ranges can be configured in ECUC_Dcm_00937 : DcmDspDidRange. Each con-
figured range is by default accessible by service 0x22 and 0x2E. In case the range
should be limited to reading or writing, the referenced DcmDspDidInfo container
should be defined accordingly.
It is also possible to define gaps within the range (DcmDspDidRangeHasGaps). By
activating this feature, the Dcm invokes each time a DID is requested within the config-
ured range, the operation IsDidAvailable has to check the current availability. And as
the DIDs of the specified range can have different length, the length of the longest DID
has to be configured (DcmDspDidRangeMaxDataLength) in order to reserve enough
buffer passed to the respective function.
In general, the range functionality can also be used for a single DID if you specifically
want to pass the DID as a parameter. Then lower DID and upper DID should be the
same.
ReadDidRangeDataLength operation allows to request the application to return the
data length of a DID Range.
[SWS_Dcm_CONSTR_6020] Definition of allowed DID access d Any defined range
shall only reference via DcmDspDidRangeInfoRef. The sub-containers DcmDsp-
DidControl and DcmDspDidDefineinDcmDspDidInfo shall not be used] . c()
[SWS_Dcm_CONSTR_6021] DID ranges cannot be mapped on DDDIDs, be-
cause service 0x2C DDDID does not support the range feature. Practi-
cally DcmDspDidRangeIdentifierLowerLimit and DcmDspDidRangeIdenti-
fierUpperLimit should not include DIDs of the range 0xF200 till 0xF3FF. dAny
defined range shall only reference DcmDspDidInfo via DcmDspDidRangeInfoRef,
having set DcmDspDidDynamicallyDefined == False. c()